Talos has added and modified multiple rules in the browser-ie, malware-cnc, malware-tools, policy-other, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63521 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63522 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63523 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63524 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63525 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63526 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63527 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:63528 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63529 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63530 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63531 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63532 <-> ENABLED <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt (server-webapp.rules)
* 1:63533 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63534 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63535 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63536 <-> DISABLED <-> SERVER-WEBAPP Arcadyan routers path traversal attempt (server-webapp.rules)
* 1:63537 <-> DISABLED <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt (server-webapp.rules)
* 1:63538 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection (malware-cnc.rules)
* 1:63539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:63540 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63541 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63542 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63543 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63544 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63545 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63546 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63547 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63548 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63549 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63550 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63551 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 3:63552 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt (server-webapp.rules)

* 1:29671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:37571 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:37573 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP Multiple products directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63551 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63544 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63524 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63525 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63527 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:63521 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63523 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63528 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63529 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63530 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63531 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63532 <-> ENABLED <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt (server-webapp.rules)
* 1:63533 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63534 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63535 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63536 <-> DISABLED <-> SERVER-WEBAPP Arcadyan routers path traversal attempt (server-webapp.rules)
* 1:63537 <-> DISABLED <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt (server-webapp.rules)
* 1:63538 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection (malware-cnc.rules)
* 1:63539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:63540 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63541 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63542 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63547 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63546 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63545 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63548 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63526 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63549 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63550 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63522 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63543 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 3:63552 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt (server-webapp.rules)

* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:37571 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:37573 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP Multiple products directory traversal attempt (server-webapp.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
* 1:29671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63521 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63523 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63522 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63545 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63546 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63548 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63549 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63547 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63550 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63528 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63551 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63526 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63524 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63527 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:63538 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection (malware-cnc.rules)
* 1:63535 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63536 <-> DISABLED <-> SERVER-WEBAPP Arcadyan routers path traversal attempt (server-webapp.rules)
* 1:63537 <-> DISABLED <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt (server-webapp.rules)
* 1:63525 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63530 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63529 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63531 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63532 <-> ENABLED <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt (server-webapp.rules)
* 1:63534 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63533 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:63541 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63540 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63543 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63542 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63544 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 3:63552 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt (server-webapp.rules)

* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:37573 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP Multiple products directory traversal attempt (server-webapp.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:29671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:37571 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63543 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63545 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63522 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63523 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63551 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63521 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63535 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63528 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63546 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63524 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63541 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63550 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63548 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63549 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63527 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:63536 <-> DISABLED <-> SERVER-WEBAPP Arcadyan routers path traversal attempt (server-webapp.rules)
* 1:63537 <-> DISABLED <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt (server-webapp.rules)
* 1:63539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:63538 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection (malware-cnc.rules)
* 1:63534 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63540 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63542 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63525 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63526 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63529 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63531 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63532 <-> ENABLED <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt (server-webapp.rules)
* 1:63533 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63530 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63544 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63547 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 3:63552 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt (server-webapp.rules)

* 1:29671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:37573 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP Multiple products directory traversal attempt (server-webapp.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:37571 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63524 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63529 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63546 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63538 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection (malware-cnc.rules)
* 1:63539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:63540 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63551 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63548 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63550 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63544 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63521 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63527 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:63526 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63533 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63532 <-> ENABLED <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt (server-webapp.rules)
* 1:63531 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63530 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63534 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63525 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63549 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63547 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63522 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63543 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63523 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63536 <-> DISABLED <-> SERVER-WEBAPP Arcadyan routers path traversal attempt (server-webapp.rules)
* 1:63541 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63528 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63542 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63535 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63537 <-> DISABLED <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt (server-webapp.rules)
* 1:63545 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 3:63552 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt (server-webapp.rules)

* 1:29671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:37571 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:37573 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP Multiple products directory traversal attempt (server-webapp.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63547 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63546 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63521 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63548 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63523 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63545 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63526 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63533 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63551 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63534 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63530 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63529 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63525 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63524 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63538 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection (malware-cnc.rules)
* 1:63535 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63536 <-> DISABLED <-> SERVER-WEBAPP Arcadyan routers path traversal attempt (server-webapp.rules)
* 1:63542 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63537 <-> DISABLED <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt (server-webapp.rules)
* 1:63540 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:63541 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63544 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63543 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63522 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63549 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63532 <-> ENABLED <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt (server-webapp.rules)
* 1:63531 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63528 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63527 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:63550 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 3:63552 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt (server-webapp.rules)

* 1:29671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:37573 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP Multiple products directory traversal attempt (server-webapp.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
* 1:37571 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63525 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63534 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63545 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63532 <-> ENABLED <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt (server-webapp.rules)
* 1:63547 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63546 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63550 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63526 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63528 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63521 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63549 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63524 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63536 <-> DISABLED <-> SERVER-WEBAPP Arcadyan routers path traversal attempt (server-webapp.rules)
* 1:63535 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63540 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63537 <-> DISABLED <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt (server-webapp.rules)
* 1:63538 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection (malware-cnc.rules)
* 1:63544 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63541 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63542 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63530 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:63527 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:63543 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63531 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63533 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63548 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63529 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63522 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63551 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63523 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 3:63552 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt (server-webapp.rules)

* 1:29671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:37571 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:37573 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP Multiple products directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63527 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:63529 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63536 <-> DISABLED <-> SERVER-WEBAPP Arcadyan routers path traversal attempt (server-webapp.rules)
* 1:63530 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63543 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63547 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63528 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63524 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63526 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63531 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:63521 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63532 <-> ENABLED <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt (server-webapp.rules)
* 1:63544 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63523 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63533 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63545 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63546 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63548 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63522 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63551 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63541 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63542 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63538 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection (malware-cnc.rules)
* 1:63550 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63537 <-> DISABLED <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt (server-webapp.rules)
* 1:63549 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63540 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63534 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63535 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63525 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 3:63552 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt (server-webapp.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
* 1:37571 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:37573 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP Multiple products directory traversal attempt (server-webapp.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:29671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63549 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63521 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63523 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63546 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63526 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63545 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63544 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63533 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63532 <-> ENABLED <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt (server-webapp.rules)
* 1:63550 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63524 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63534 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63528 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63537 <-> DISABLED <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt (server-webapp.rules)
* 1:63522 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63551 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63529 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:63541 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63538 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection (malware-cnc.rules)
* 1:63543 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63542 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63535 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63536 <-> DISABLED <-> SERVER-WEBAPP Arcadyan routers path traversal attempt (server-webapp.rules)
* 1:63547 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63540 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63530 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63527 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:63531 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63548 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63525 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 3:63552 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt (server-webapp.rules)
* 1:29671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:37573 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP Multiple products directory traversal attempt (server-webapp.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:37571 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63546 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63548 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63545 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63523 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63547 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63526 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63521 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:63533 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63527 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:63530 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63524 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63551 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63534 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63537 <-> DISABLED <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt (server-webapp.rules)
* 1:63541 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63532 <-> ENABLED <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt (server-webapp.rules)
* 1:63542 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63531 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63522 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63550 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63525 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63543 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63544 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63540 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63529 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63549 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63538 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection (malware-cnc.rules)
* 1:63528 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63536 <-> DISABLED <-> SERVER-WEBAPP Arcadyan routers path traversal attempt (server-webapp.rules)
* 1:63535 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 3:63552 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt (server-webapp.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
* 1:29671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:37573 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:37571 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP Multiple products directory traversal attempt (server-webapp.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:63546 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63524 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63522 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63551 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 1:63534 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63527 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
* 1:63539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:63548 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63526 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63529 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63523 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63533 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63544 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63545 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt (malware-tools.rules)
* 1:63532 <-> ENABLED <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt (server-webapp.rules)
* 1:63549 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt (malware-tools.rules)
* 1:63536 <-> DISABLED <-> SERVER-WEBAPP Arcadyan routers path traversal attempt (server-webapp.rules)
* 1:63537 <-> DISABLED <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt (server-webapp.rules)
* 1:63531 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63542 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63535 <-> DISABLED <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt (policy-other.rules)
* 1:63547 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt (malware-tools.rules)
* 1:63528 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63538 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection (malware-cnc.rules)
* 1:63525 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)
* 1:63541 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63521 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules)
* 1:63540 <-> DISABLED <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt (malware-tools.rules)
* 1:63530 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt (server-webapp.rules)
* 1:63543 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt (malware-tools.rules)
* 1:63550 <-> DISABLED <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt (malware-tools.rules)
* 3:63552 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt (server-webapp.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:37571 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:34889 <-> DISABLED <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt (server-other.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP Multiple products directory traversal attempt (server-webapp.rules)
* 1:37573 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt (browser-ie.rules)
* 1:29671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt (browser-ie.rules)
* 1:53744 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt (server-oracle.rules)
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt * 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt * 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt * 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt * 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt * 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt * 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt * 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt * 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt * 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt * 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.2.0.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.20.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
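To work with these lists programmatically (for instance, to diff the SIDs between two rule packs, group them by rule category, or pick out the gid 3 shared-object rules that need the matching SO package), here is an added Python example. It is not code from this page or from Talos/Snort; the class and function names are the example's own. It parses both list formats that appear on this page: the Snort 2.9 form `gid:sid <-> Default rule state <-> Message (rule group)` and the Snort 3 form `gid:sid <-> Message`, whether the entries are one per line or run together with ` * ` separators as in the extracted text above. The sample input is constructed from entries quoted on this page.

```python
"""Parse Talos rule-pack changelog entries.

Handles 'gid:sid <-> Message' (Snort 3 lists) and
'gid:sid <-> ENABLED|DISABLED <-> Message (file.rules)' (Snort 2.9 lists).
Added example; names are this example's own, not a Talos or Snort API.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: Optional[str]        # ENABLED/DISABLED when the list carries it, else None
    category: str               # leading token of the msg, e.g. SERVER-WEBAPP
    message: str                # rest of the msg, without the category prefix
    rules_file: Optional[str]   # e.g. 'server-webapp.rules' when present

    @property
    def is_shared_object(self) -> bool:
        # gid 3 is Snort's generator for shared-object (SO) rules; gid 1 is text rules.
        return self.gid == 3


_ENTRY_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s+<->\s+"
    r"(?:(?P<state>ENABLED|DISABLED)\s+<->\s+)?"   # only in the 2.9-style lists
    r"(?P<category>[A-Z][A-Z0-9-]*)\s+"
    r"(?P<message>.*?)"
    r"(?:\s+\((?P<file>[\w.-]+\.rules)\))?$"        # trailing '(x.rules)' is optional
)


def parse_rule_list(text: str) -> list[RuleEntry]:
    """Split a changelog blob into entries; items that do not match are skipped."""
    entries: list[RuleEntry] = []
    # Entries start with '* ' at the beginning of a line or after whitespace, so the
    # same split works for one-per-line lists and for lists run together on one line.
    for item in re.split(r"(?:^|\s)\*\s+", text):
        item = item.strip()
        if not item:
            continue
        m = _ENTRY_RE.match(item)
        if not m:
            continue
        entries.append(RuleEntry(
            gid=int(m["gid"]), sid=int(m["sid"]), state=m["state"],
            category=m["category"], message=m["message"].strip(),
            rules_file=m["file"],
        ))
    return entries


def count_by_category(entries: list[RuleEntry]) -> Counter:
    """How many entries fall under each rule category (SERVER-WEBAPP, MALWARE-CNC, ...)."""
    return Counter(e.category for e in entries)


def sid_diff(old: list[RuleEntry], new: list[RuleEntry]):
    """Return ((gid, sid) pairs only in `new`, (gid, sid) pairs only in `old`)."""
    old_ids = {(e.gid, e.sid) for e in old}
    new_ids = {(e.gid, e.sid) for e in new}
    return sorted(new_ids - old_ids), sorted(old_ids - new_ids)


# Sample input, constructed from entries quoted on this page. SAMPLE_2_9 uses the
# Snort 2.9 list format (with default state and rules file); SAMPLE_3 uses the
# Snort 3 format, with the entries run together on one line as in the extracted text.
SAMPLE_2_9 = (
    "* 1:63521 <-> ENABLED <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection (malware-cnc.rules) "
    "* 1:63525 <-> DISABLED <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt (server-other.rules)"
)
SAMPLE_3 = (
    "* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection "
    "* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt "
    "* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt"
)

if __name__ == "__main__":
    old, new = parse_rule_list(SAMPLE_2_9), parse_rule_list(SAMPLE_3)
    added, removed = sid_diff(old, new)
    print("by category:", dict(count_by_category(new)))
    print("added:", added, "removed:", removed)
    print("SO rules:", [(e.gid, e.sid) for e in new if e.is_shared_object])
```

Entries that do not match the pattern are dropped silently, which is the right default for a changelog scraper but worth logging if you feed it an untrusted or hand-edited list; the gid 3 entries are the ones whose coverage depends on the shared-object package for your Snort build, not just the text rules.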
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.21.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.35.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.44.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.47.0.
The format of the file is:
gid:sid <-> Message
* 1:300923 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:300924 <-> MALWARE-TOOLS Win.Ransomware.Megazord executable download attempt
* 1:300925 <-> MALWARE-TOOLS Win.Malware.BadPotato executable download attempt
* 1:300926 <-> MALWARE-TOOLS Win.Malware.SpoolFool executable download attempt
* 1:300927 <-> MALWARE-TOOLS Win.Malware.JuicyPotato executable download attempt
* 1:300928 <-> MALWARE-TOOLS Win.Malware.SweetPotato executable download attempt
* 1:300929 <-> MALWARE-TOOLS Win.Malware.RottenPotato executable download attempt
* 1:63521 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63522 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63523 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63524 <-> MALWARE-CNC Win.Malware.DarkGate variant outbound connection
* 1:63525 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63526 <-> SERVER-OTHER PHP ldap_get_entries denial of service attempt
* 1:63527 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt
* 1:63528 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63529 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63530 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63531 <-> SERVER-WEBAPP ZoneMinder monitor_ids command injection attempt
* 1:63532 <-> SERVER-WEBAPP Check Point CloudGuard directory traversal attempt
* 1:63533 <-> POLICY-OTHER D-Link DIR-605L information disclosure attempt
* 1:63536 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63537 <-> SERVER-WEBAPP Arcadyan Buffalo directory traversal attempt
* 1:63538 <-> MALWARE-CNC Win.Trojan.SpiceRAT variant outbound connection
* 3:63552 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2024-1981 attack attempt

* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 3:28487 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 3:28488 <-> OS-WINDOWS Microsoft GDI library TIFF handling memory corruption attempt
* 1:29671 <-> BROWSER-IE Microsoft Internet Explorer SVG handling use after free attempt
* 1:300007 <-> SERVER-WEBAPP Multiple products directory traversal attempt
* 1:34878 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34879 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34880 <-> SERVER-WEBAPP Arcserve Unified Data Protection export servlet directory traversal attempt
* 1:34889 <-> SERVER-OTHER OpenSSL denial-of-service via crafted x.509 certificate attempt
* 1:37571 <-> BROWSER-IE Microsoft Internet Explorer CDomPrototype type confusion attempt
* 1:53744 <-> SERVER-ORACLE Oracle WebLogic Coherence library remote code execution attempt