Talos Rules 2023-01-17
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-chrome, file-office, malware-cnc, malware-other, os-linux, os-windows, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2023-01-17 23:22:08 UTC

Snort Subscriber Rules Update

Date: 2023-01-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61096 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61097 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61102 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61103 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61104 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61105 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61106 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61107 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61108 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61109 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61110 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61111 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61112 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61113 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61114 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61115 <-> DISABLED <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt (server-other.rules)
 * 1:61116 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61117 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61118 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61119 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61120 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61121 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61122 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61123 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61124 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61125 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61126 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61127 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61128 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61129 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61130 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61131 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61132 <-> DISABLED <-> SERVER-OTHER Fscan scanner PHP object injection attempt (server-other.rules)
 * 1:61133 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61134 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61135 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61136 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61137 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61138 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61139 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61140 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61141 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61142 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61143 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61144 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61145 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61146 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61147 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61148 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61149 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61150 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61151 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61152 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61153 <-> DISABLED <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt (os-linux.rules)
 * 1:61156 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt (malware-other.rules)
 * 1:61157 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt (malware-other.rules)
 * 1:61158 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61159 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61160 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection (malware-cnc.rules)
 * 1:61161 <-> DISABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61162 <-> ENABLED <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt (os-linux.rules)
 * 3:61094 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt (policy-other.rules)
 * 3:61154 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61155 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61163 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61164 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61165 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61166 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)

Modified Rules:


 * 1:60955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60961 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60957 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60960 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)

2023-01-17 23:22:08 UTC

Snort Subscriber Rules Update

Date: 2023-01-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61096 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61145 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61146 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61097 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61102 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61104 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61103 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61105 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61106 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61107 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61108 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61109 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61110 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61111 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61112 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61113 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61114 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61115 <-> DISABLED <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt (server-other.rules)
 * 1:61116 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61117 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61118 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61119 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61120 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61121 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61122 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61123 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61124 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61125 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61126 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61127 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61128 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61129 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61130 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61131 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61132 <-> DISABLED <-> SERVER-OTHER Fscan scanner PHP object injection attempt (server-other.rules)
 * 1:61133 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61134 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61135 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61136 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61137 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61138 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61139 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61140 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61141 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61142 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61143 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61144 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61148 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61147 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61149 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61151 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61150 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61152 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61153 <-> DISABLED <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt (os-linux.rules)
 * 1:61156 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt (malware-other.rules)
 * 1:61157 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt (malware-other.rules)
 * 1:61158 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61159 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61160 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection (malware-cnc.rules)
 * 1:61161 <-> DISABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61162 <-> ENABLED <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt (os-linux.rules)
 * 1:61095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 3:61094 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt (policy-other.rules)
 * 3:61154 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61155 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61163 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61164 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61165 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61166 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)

Modified Rules:


 * 1:60955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60961 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60957 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60960 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)

2023-01-17 23:22:08 UTC

Snort Subscriber Rules Update

Date: 2023-01-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61097 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61131 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61148 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61149 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61147 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61146 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61150 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61151 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61152 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61153 <-> DISABLED <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt (os-linux.rules)
 * 1:61156 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt (malware-other.rules)
 * 1:61157 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt (malware-other.rules)
 * 1:61158 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61159 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61160 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection (malware-cnc.rules)
 * 1:61161 <-> DISABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61162 <-> ENABLED <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt (os-linux.rules)
 * 1:61096 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61102 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61103 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61105 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61104 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61106 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61107 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61108 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61109 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61110 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61111 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61112 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61113 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61114 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61115 <-> DISABLED <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt (server-other.rules)
 * 1:61116 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61117 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61118 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61119 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61120 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61121 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61122 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61123 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61124 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61125 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61126 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61127 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61128 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61129 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61130 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61134 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61133 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61132 <-> DISABLED <-> SERVER-OTHER Fscan scanner PHP object injection attempt (server-other.rules)
 * 1:61136 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61135 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61137 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61138 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61139 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61140 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61141 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61142 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61143 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61144 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61145 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 3:61155 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61163 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61154 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61094 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt (policy-other.rules)
 * 3:61164 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61165 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61166 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)

Modified Rules:


 * 1:60954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60961 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60960 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60957 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)

2023-01-17 23:22:08 UTC

Snort Subscriber Rules Update

Date: 2023-01-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61103 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61102 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61105 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61106 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61107 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61109 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61104 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61111 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61110 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61113 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61108 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61115 <-> DISABLED <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt (server-other.rules)
 * 1:61114 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61117 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61112 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61119 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61118 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61121 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61116 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61123 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61122 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61125 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61120 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61127 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61126 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61129 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61124 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61131 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61130 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61133 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61128 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61135 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61134 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61137 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61132 <-> DISABLED <-> SERVER-OTHER Fscan scanner PHP object injection attempt (server-other.rules)
 * 1:61139 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61138 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61141 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61136 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61140 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61160 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection (malware-cnc.rules)
 * 1:61148 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61153 <-> DISABLED <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt (os-linux.rules)
 * 1:61147 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61145 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61161 <-> DISABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61143 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61146 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61096 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61097 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61144 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61149 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61150 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61157 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt (malware-other.rules)
 * 1:61156 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt (malware-other.rules)
 * 1:61158 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61159 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61162 <-> ENABLED <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt (os-linux.rules)
 * 1:61151 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61142 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61152 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 3:61164 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61094 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt (policy-other.rules)
 * 3:61154 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61155 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61163 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61166 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61165 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)

Modified Rules:


 * 1:60955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60961 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60960 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60957 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)

2023-01-17 23:22:08 UTC

Snort Subscriber Rules Update

Date: 2023-01-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

New Rules:


 * 1:61151 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61159 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61137 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61097 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61109 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61107 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61110 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61113 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61108 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61111 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61114 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61117 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61112 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61115 <-> DISABLED <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt (server-other.rules)
 * 1:61118 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61121 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61116 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61119 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61122 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61120 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61126 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61125 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61124 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61123 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61130 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61129 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61128 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61127 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61134 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61133 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61132 <-> DISABLED <-> SERVER-OTHER Fscan scanner PHP object injection attempt (server-other.rules)
 * 1:61131 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61136 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61135 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61142 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61139 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61141 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61140 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61138 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61160 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection (malware-cnc.rules)
 * 1:61143 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61145 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61144 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61146 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61147 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61153 <-> DISABLED <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt (os-linux.rules)
 * 1:61149 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61157 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt (malware-other.rules)
 * 1:61161 <-> DISABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61158 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61152 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61148 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61162 <-> ENABLED <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt (os-linux.rules)
 * 1:61150 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61156 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt (malware-other.rules)
 * 1:61098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61096 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61102 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61106 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61104 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61103 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61105 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 3:61094 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt (policy-other.rules)
 * 3:61154 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61155 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61166 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61165 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61164 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61163 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)

Modified Rules:


 * 1:60958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60961 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60960 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60957 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)

2023-01-17 23:22:08 UTC

Snort Subscriber Rules Update

Date: 2023-01-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

New Rules:


 * 1:61095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61097 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61096 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61143 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61102 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61103 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61104 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61105 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61106 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61107 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61108 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61109 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61158 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61110 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61111 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61112 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61162 <-> ENABLED <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt (os-linux.rules)
 * 1:61157 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt (malware-other.rules)
 * 1:61159 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61113 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61114 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61115 <-> DISABLED <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt (server-other.rules)
 * 1:61116 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61117 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61151 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61118 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61119 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61120 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61121 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61122 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61156 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt (malware-other.rules)
 * 1:61144 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61123 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61124 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61125 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61126 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61127 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61145 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61128 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61129 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61153 <-> DISABLED <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt (os-linux.rules)
 * 1:61161 <-> DISABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61130 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61149 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61160 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection (malware-cnc.rules)
 * 1:61131 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61132 <-> DISABLED <-> SERVER-OTHER Fscan scanner PHP object injection attempt (server-other.rules)
 * 1:61133 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61148 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61146 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61150 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61152 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61147 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61134 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61135 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61136 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61137 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61138 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61139 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61140 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61141 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61142 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 3:61165 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61166 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61164 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61155 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61154 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61094 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt (policy-other.rules)
 * 3:61163 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)

Modified Rules:


 * 1:60958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60960 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60961 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60957 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)

2023-01-17 23:22:08 UTC

Snort Subscriber Rules Update

Date: 2023-01-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

New Rules:


 * 1:61110 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61149 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61118 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61103 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61104 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61105 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61125 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61156 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt (malware-other.rules)
 * 1:61159 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61161 <-> DISABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61138 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61141 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61144 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61140 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61145 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61147 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61139 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61143 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61134 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61117 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61108 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61130 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61120 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61113 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61106 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61137 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61123 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61107 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61136 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61116 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61114 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61124 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61121 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61162 <-> ENABLED <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt (os-linux.rules)
 * 1:61129 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61109 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61128 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61146 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61133 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61148 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61102 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61127 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61135 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61158 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61150 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61119 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61097 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61122 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61112 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61126 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61151 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61131 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61132 <-> DISABLED <-> SERVER-OTHER Fscan scanner PHP object injection attempt (server-other.rules)
 * 1:61152 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61160 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection (malware-cnc.rules)
 * 1:61157 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt (malware-other.rules)
 * 1:61142 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61096 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61153 <-> DISABLED <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt (os-linux.rules)
 * 1:61111 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61115 <-> DISABLED <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt (server-other.rules)
 * 1:61098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 3:61165 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61155 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61154 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61094 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt (policy-other.rules)
 * 3:61163 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61164 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61166 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)

Modified Rules:


 * 1:60958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60961 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60957 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60960 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)

2023-01-17 23:22:08 UTC

Snort Subscriber Rules Update

Date: 2023-01-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

New Rules:


 * 1:61162 <-> ENABLED <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt (os-linux.rules)
 * 1:61151 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61159 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61152 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61102 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61103 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61104 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61105 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61106 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61107 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61108 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61109 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61160 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection (malware-cnc.rules)
 * 1:61148 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61110 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61144 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61111 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61112 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61113 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61147 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61114 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61156 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt (malware-other.rules)
 * 1:61115 <-> DISABLED <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt (server-other.rules)
 * 1:61145 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61116 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61117 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61118 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61119 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61120 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61146 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61121 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61122 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61123 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61124 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61125 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61126 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61096 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61127 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61097 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61128 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61129 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61130 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61150 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61131 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61132 <-> DISABLED <-> SERVER-OTHER Fscan scanner PHP object injection attempt (server-other.rules)
 * 1:61133 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61134 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61135 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61136 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61137 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61138 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61158 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61139 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61140 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61153 <-> DISABLED <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt (os-linux.rules)
 * 1:61157 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt (malware-other.rules)
 * 1:61141 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61142 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61143 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61161 <-> DISABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61149 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 3:61094 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt (policy-other.rules)
 * 3:61164 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61163 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61155 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61154 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61166 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61165 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)

Modified Rules:


 * 1:60958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60960 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60957 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60961 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)

2023-01-17 23:22:08 UTC

Snort Subscriber Rules Update

Date: 2023-01-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61158 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61116 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61123 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61118 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61109 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61134 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61130 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61142 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61135 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61161 <-> DISABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61136 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61127 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61102 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61105 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61139 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61124 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61137 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61140 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61097 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61162 <-> ENABLED <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt (os-linux.rules)
 * 1:61141 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61147 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61153 <-> DISABLED <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt (os-linux.rules)
 * 1:61143 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61122 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61110 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61117 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61107 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61125 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61149 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61120 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61126 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61112 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61148 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61119 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61121 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61106 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61111 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61104 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61144 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61152 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61128 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61146 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61129 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61145 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61108 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61115 <-> DISABLED <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt (server-other.rules)
 * 1:61113 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61132 <-> DISABLED <-> SERVER-OTHER Fscan scanner PHP object injection attempt (server-other.rules)
 * 1:61103 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61131 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61096 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61133 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61138 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61159 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61160 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection (malware-cnc.rules)
 * 1:61114 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61150 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61151 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61156 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt (malware-other.rules)
 * 1:61157 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt (malware-other.rules)
 * 3:61154 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61094 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt (policy-other.rules)
 * 3:61163 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61165 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61164 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61155 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61166 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)

Modified Rules:


 * 1:60958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60961 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60957 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60960 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)

2023-01-17 23:22:08 UTC

Snort Subscriber Rules Update

Date: 2023-01-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61153 <-> DISABLED <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt (os-linux.rules)
 * 1:61150 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61152 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61158 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61146 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61161 <-> DISABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61149 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61097 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61151 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61159 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61156 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt (malware-other.rules)
 * 1:61105 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61160 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection (malware-cnc.rules)
 * 1:61147 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61148 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61106 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61107 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61108 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61109 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61110 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61111 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61112 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61113 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61114 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61115 <-> DISABLED <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt (server-other.rules)
 * 1:61096 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61116 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61117 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61157 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt (malware-other.rules)
 * 1:61118 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61119 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61120 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61121 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61162 <-> ENABLED <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt (os-linux.rules)
 * 1:61122 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61123 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61124 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61125 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61126 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61127 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61128 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61129 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61130 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61131 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61132 <-> DISABLED <-> SERVER-OTHER Fscan scanner PHP object injection attempt (server-other.rules)
 * 1:61133 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61134 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61135 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61103 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61102 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61136 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61104 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61137 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61138 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61139 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61140 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61141 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61142 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61143 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61144 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61145 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 3:61165 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61163 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61166 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61154 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61094 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt (policy-other.rules)
 * 3:61155 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61164 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)

Modified Rules:


 * 1:60958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60961 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60960 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60957 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)

2023-01-17 23:22:08 UTC

Snort Subscriber Rules Update

Date: 2023-01-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61161 <-> DISABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61123 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61112 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61125 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61138 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61120 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61141 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61150 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61108 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61097 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61145 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61156 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt (malware-other.rules)
 * 1:61095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61119 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61148 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61133 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61162 <-> ENABLED <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt (os-linux.rules)
 * 1:61116 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61151 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61147 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61136 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61152 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61102 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61142 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61131 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61157 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt (malware-other.rules)
 * 1:61118 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61115 <-> DISABLED <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt (server-other.rules)
 * 1:61126 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61137 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61117 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61110 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61106 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61128 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61121 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61111 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61160 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection (malware-cnc.rules)
 * 1:61143 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61127 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61129 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61113 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61107 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61114 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61144 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61149 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61096 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61159 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61109 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61122 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61124 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61135 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61103 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61130 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61158 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61104 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61146 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61105 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61132 <-> DISABLED <-> SERVER-OTHER Fscan scanner PHP object injection attempt (server-other.rules)
 * 1:61139 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61140 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61153 <-> DISABLED <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt (os-linux.rules)
 * 1:61134 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 3:61165 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61164 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61154 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61155 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt (server-other.rules)
 * 3:61166 <-> ENABLED <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt (browser-chrome.rules)
 * 3:61163 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt (file-office.rules)
 * 3:61094 <-> ENABLED <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt (policy-other.rules)

Modified Rules:


 * 1:60958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60961 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60960 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60957 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)

2023-01-17 23:22:08 UTC

Snort Subscriber Rules Update

Date: 2023-01-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61111 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61103 <-> ENABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (snort3-server-webapp.rules)
 * 1:61108 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61112 <-> ENABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (snort3-server-other.rules)
 * 1:61110 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61123 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61117 <-> ENABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (snort3-server-other.rules)
 * 1:61162 <-> ENABLED <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt (snort3-os-linux.rules)
 * 1:61160 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection (snort3-malware-cnc.rules)
 * 1:61104 <-> ENABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (snort3-server-webapp.rules)
 * 1:61151 <-> ENABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (snort3-server-other.rules)
 * 1:61105 <-> ENABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (snort3-server-webapp.rules)
 * 1:61141 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61150 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61126 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61130 <-> ENABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (snort3-server-other.rules)
 * 1:61149 <-> ENABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (snort3-server-other.rules)
 * 1:61137 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61146 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61107 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61152 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61119 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61136 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61125 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61140 <-> ENABLED <-> SERVER-WEBAPP GENERATED SQL injection attempt (snort3-server-webapp.rules)
 * 1:61120 <-> ENABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (snort3-server-other.rules)
 * 1:61118 <-> ENABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (snort3-server-other.rules)
 * 1:61145 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61147 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61132 <-> ENABLED <-> SERVER-OTHER Fscan scanner PHP object injection attempt (snort3-server-other.rules)
 * 1:61121 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61135 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61131 <-> ENABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (snort3-server-other.rules)
 * 1:61113 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61139 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61124 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61153 <-> ENABLED <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt (snort3-os-linux.rules)
 * 1:61158 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (snort3-malware-cnc.rules)
 * 1:61114 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61133 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61143 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61138 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61144 <-> ENABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (snort3-server-other.rules)
 * 1:61161 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (snort3-malware-cnc.rules)
 * 1:61129 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61159 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (snort3-malware-cnc.rules)
 * 1:61109 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61106 <-> ENABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (snort3-server-other.rules)
 * 1:61134 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61115 <-> ENABLED <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt (snort3-server-other.rules)
 * 1:61127 <-> ENABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (snort3-server-other.rules)
 * 1:61128 <-> ENABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (snort3-server-other.rules)
 * 1:61116 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61122 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)
 * 1:61142 <-> ENABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (snort3-server-other.rules)
 * 1:61148 <-> ENABLED <-> SERVER-OTHER Fscan scanner command injection attempt (snort3-server-other.rules)

Modified Rules:



2023-01-17 23:22:08 UTC

Snort Subscriber Rules Update

Date: 2023-01-17

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:61156 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell download attempt (malware-other.rules)
 * 1:61138 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61157 <-> ENABLED <-> MALWARE-OTHER JSP.Webshell.JSP2Shell upload attempt (malware-other.rules)
 * 1:61125 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61130 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61143 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61139 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61142 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61123 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61150 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61124 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61160 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection (malware-cnc.rules)
 * 1:61148 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61151 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61133 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61129 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61153 <-> DISABLED <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt (os-linux.rules)
 * 1:61134 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61159 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61146 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61135 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61136 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61137 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61149 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61141 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61161 <-> DISABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61131 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61152 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61095 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61096 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61097 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61098 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:61099 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61100 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61101 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61102 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt (os-windows.rules)
 * 1:61103 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61104 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61105 <-> DISABLED <-> SERVER-WEBAPP ZenTao Pro command injection attempt (server-webapp.rules)
 * 1:61127 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61106 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61107 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61108 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61109 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61110 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61111 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61112 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61132 <-> DISABLED <-> SERVER-OTHER Fscan scanner PHP object injection attempt (server-other.rules)
 * 1:61145 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61113 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61114 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61115 <-> DISABLED <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt (server-other.rules)
 * 1:61126 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61116 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61117 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61128 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61118 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61147 <-> DISABLED <-> SERVER-OTHER Fscan scanner directory traversal attempt (server-other.rules)
 * 1:61158 <-> ENABLED <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection (malware-cnc.rules)
 * 1:61119 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61144 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61120 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61121 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)
 * 1:61140 <-> DISABLED <-> SERVER-OTHER Fscan scanner SQL injection attempt (server-other.rules)
 * 1:61122 <-> DISABLED <-> SERVER-OTHER Fscan scanner command injection attempt (server-other.rules)

Modified Rules:


 * 1:60961 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60960 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60957 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)
 * 1:60956 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt (malware-other.rules)

2023-01-17 23:25:18 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:18 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:18 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:18 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:18 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:18 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:18 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:18 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:18 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:18 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:19 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:19 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:19 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:19 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:19 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:19 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.35.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:19 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.44.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt


2023-01-17 23:25:19 UTC

Snort Subscriber Rules Update

Date: 2023-01-17-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:300365 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300366 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300367 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300368 <-> OS-WINDOWS Microsoft Windows malicious LNK file download attempt
* 1:300369 <-> MALWARE-OTHER JSP.Webshell.JSP2Shell transfer attempt
* 3:61094 <-> POLICY-OTHER TRUFFLEHUNTER TALOS-2023-1692 attack attempt
* 1:61103 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61104 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61105 <-> SERVER-WEBAPP ZenTao Pro command injection attempt
* 1:61106 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61107 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61108 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61109 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61110 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61111 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61112 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61113 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61114 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61115 <-> SERVER-OTHER Fscan scanner arbitrary JSP file upload attempt
* 1:61116 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61117 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61118 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61119 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61120 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61121 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61122 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61123 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61124 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61125 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61126 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61127 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61128 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61129 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61130 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61131 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61132 <-> SERVER-OTHER Fscan scanner PHP object injection attempt
* 1:61133 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61134 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61135 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61136 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61137 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61138 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61139 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61140 <-> SERVER-WEBAPP GENERATED SQL injection attempt
* 1:61141 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61142 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61143 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61144 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61145 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61146 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61147 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61148 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61149 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61150 <-> SERVER-OTHER Fscan scanner directory traversal attempt
* 1:61151 <-> SERVER-OTHER Fscan scanner SQL injection attempt
* 1:61152 <-> SERVER-OTHER Fscan scanner command injection attempt
* 1:61153 <-> OS-LINUX Linux Kernel ksmbd smb2write out of bounds read attempt
* 3:61154 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 3:61155 <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2023-1690 attack attempt
* 1:61158 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61159 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61160 <-> MALWARE-CNC JSP.Webshell.JSP2Shell outbound connection
* 1:61161 <-> MALWARE-CNC JSP.Webshell.JSP2Shell inbound connection
* 1:61162 <-> OS-LINUX Linux Kernel ksmbd heap-based buffer overflow attempt
* 3:61163 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61164 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2022-1687 attack attempt
* 3:61165 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt
* 3:61166 <-> BROWSER-CHROME TRUFFLEHUNTER TALOS-2023-1693 attack attempt

Modified Rules:

* 1:300332 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300333 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300334 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt
* 1:300335 <-> MALWARE-OTHER Win.Malware.Gazer variant download attempt