Talos Rules 2025-08-12
Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2025-49743: A coding deficiency exists in Microsoft Windows Graphics Component that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65236 through 65237, Snort 3: GID 1, SID 301301.

Microsoft Vulnerability CVE-2025-50167: A coding deficiency exists in Microsoft Windows Hyper-V that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65234 through 65235, Snort 3: GID 1, SID 301300.

Microsoft Vulnerability CVE-2025-50168: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65242 through 65243, Snort 3: GID 1, SID 301304.

Microsoft Vulnerability CVE-2025-50177: A coding deficiency exists in Microsoft Message Queuing (MSMQ) that may lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 65241, Snort 3: GID 1, SID 65241.

Microsoft Vulnerability CVE-2025-53132: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65244 through 65245, Snort 3: GID 1, SID 301305.

Microsoft Vulnerability CVE-2025-53147: A coding deficiency exists in Microsoft Windows Ancillary Function Driver for WinSock that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SIDs 65246 through 65247, Snort 3: GID 1, SID 301306.

Microsoft Vulnerability CVE-2025-53778: A coding deficiency exists in Microsoft Windows NTLM that may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in this release and are identified with: Snort 2: GID 1, SID 65240, Snort 3: GID 1, SID 65240.

Talos also has added and modified multiple rules in the file-other, malware-cnc, malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.

Change logs

2025-08-12 18:06:54 UTC

Snort Subscriber Rules Update

Date: 2025-08-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2092000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65230 <-> DISABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65233 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt (malware-other.rules)
 * 1:65234 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65235 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65236 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65238 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65239 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65240 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt (os-windows.rules)
 * 1:65241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt (os-windows.rules)
 * 1:65242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65243 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65244 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65245 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65248 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection (malware-cnc.rules)
 * 1:65249 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65250 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65251 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65252 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65253 <-> DISABLED <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt (server-webapp.rules)

Modified Rules:


 * 1:60599 <-> DISABLED <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt (policy-other.rules)
 * 1:64906 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:64907 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
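As an added example (not Talos tooling), the following Python script parses change-log entries in the format stated above and checks them against the Snort 2 SID ranges given in the advisory, reporting which advertised SIDs are absent from the "New Rules" list and which are present but DISABLED by default, as most of this release's OS-WINDOWS rules are. The embedded sample is a constructed excerpt of the entries listed above; the ADVISORY mapping is transcribed from the advisory text.

```python
"""Cross-check an advisory's SID ranges against a Snort change log (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One entry in the stated format: gid:sid <-> Default rule state <-> Message (rule group)
_ENTRY = re.compile(
    r"^\s*\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w.-]+)\)\s*$"
)
_SECTIONS = {"New Rules:": "new", "Modified Rules:": "modified"}


@dataclass(frozen=True)
class Rule:
    gid: int
    sid: int
    state: str
    msg: str
    group: str


def parse_changelog(text: str) -> dict[str, list[Rule]]:
    """Return {"new": [...], "modified": [...]}; entries outside a section are ignored."""
    out: dict[str, list[Rule]] = {"new": [], "modified": []}
    section = None
    for line in text.splitlines():
        if line.strip() in _SECTIONS:
            section = _SECTIONS[line.strip()]
            continue
        m = _ENTRY.match(line)
        if m and section:
            out[section].append(Rule(int(m["gid"]), int(m["sid"]), m["state"], m["msg"], m["group"]))
    return out


# Snort 2 coverage as the advisory states it: CVE -> (gid, first SID, last SID).
ADVISORY = {
    "CVE-2025-49743": (1, 65236, 65237),
    "CVE-2025-50167": (1, 65234, 65235),
    "CVE-2025-50168": (1, 65242, 65243),
    "CVE-2025-50177": (1, 65241, 65241),
    "CVE-2025-53132": (1, 65244, 65245),
    "CVE-2025-53147": (1, 65246, 65247),
    "CVE-2025-53778": (1, 65240, 65240),
}


def check_coverage(rules: list[Rule], advisory: dict) -> dict[str, dict[str, list[int]]]:
    """Per CVE: advertised SIDs missing from `rules`, and those present but DISABLED."""
    index = {(r.gid, r.sid): r for r in rules}
    report = {}
    for cve, (gid, first, last) in advisory.items():
        sids = range(first, last + 1)
        report[cve] = {
            "missing": [s for s in sids if (gid, s) not in index],
            "disabled_by_default": [
                s for s in sids if (gid, s) in index and index[(gid, s)].state == "DISABLED"
            ],
        }
    return report


# Constructed excerpt of the change log above (SIDs 65233-65247 plus one modified rule).
SAMPLE_CHANGELOG = """\
New Rules:

 * 1:65233 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt (malware-other.rules)
 * 1:65234 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65235 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65236 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65238 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65239 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65240 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt (os-windows.rules)
 * 1:65241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt (os-windows.rules)
 * 1:65242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65243 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65244 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65245 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)

Modified Rules:

 * 1:64906 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
"""

if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE_CHANGELOG)
    for cve, r in check_coverage(parsed["new"], ADVISORY).items():
        print(f"{cve}: missing={r['missing']} disabled_by_default={r['disabled_by_default']}")
```

A DISABLED default means the rule ships in the pack but will not alert until it is enabled in the policy, so the per-CVE report tells a sensor owner which coverage still has to be switched on.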

2025-08-12 18:06:54 UTC

Snort Subscriber Rules Update

Date: 2025-08-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65249 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65248 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection (malware-cnc.rules)
 * 1:65233 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt (malware-other.rules)
 * 1:65234 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65235 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65236 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65238 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65239 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65240 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt (os-windows.rules)
 * 1:65241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt (os-windows.rules)
 * 1:65242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65243 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65244 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65245 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65230 <-> DISABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65251 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65250 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65252 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65253 <-> DISABLED <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt (server-webapp.rules)
 * 1:65232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:64906 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:60599 <-> DISABLED <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt (policy-other.rules)
 * 1:64907 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)

2025-08-12 18:06:54 UTC

Snort Subscriber Rules Update

Date: 2025-08-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65249 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65250 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65251 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65252 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65233 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt (malware-other.rules)
 * 1:65253 <-> DISABLED <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt (server-webapp.rules)
 * 1:65244 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65235 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65236 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65238 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65239 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65240 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt (os-windows.rules)
 * 1:65241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt (os-windows.rules)
 * 1:65242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65245 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65230 <-> DISABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65234 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65243 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65248 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection (malware-cnc.rules)

Modified Rules:


 * 1:60599 <-> DISABLED <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt (policy-other.rules)
 * 1:64907 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:64906 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)

2025-08-12 18:06:54 UTC

Snort Subscriber Rules Update

Date: 2025-08-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65249 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65230 <-> DISABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65250 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65251 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65253 <-> DISABLED <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt (server-webapp.rules)
 * 1:65252 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65245 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65233 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt (malware-other.rules)
 * 1:65234 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65248 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection (malware-cnc.rules)
 * 1:65235 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65244 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65236 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65238 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65240 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt (os-windows.rules)
 * 1:65239 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65243 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt (os-windows.rules)

Modified Rules:


 * 1:64907 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:64906 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:60599 <-> DISABLED <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt (policy-other.rules)

2025-08-12 18:06:54 UTC

Snort Subscriber Rules Update

Date: 2025-08-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65252 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65236 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65234 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65235 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65253 <-> DISABLED <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt (server-webapp.rules)
 * 1:65241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt (os-windows.rules)
 * 1:65244 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65243 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65251 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65248 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection (malware-cnc.rules)
 * 1:65246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65250 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65233 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt (malware-other.rules)
 * 1:65249 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65238 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65239 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65245 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65230 <-> DISABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65240 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt (os-windows.rules)

Modified Rules:


 * 1:60599 <-> DISABLED <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt (policy-other.rules)
 * 1:64907 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:64906 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)

2025-08-12 18:06:54 UTC

Snort Subscriber Rules Update

Date: 2025-08-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65233 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt (malware-other.rules)
 * 1:65249 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65236 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65253 <-> DISABLED <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt (server-webapp.rules)
 * 1:65245 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65251 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65252 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65234 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65244 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65248 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection (malware-cnc.rules)
 * 1:65232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65230 <-> DISABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt (os-windows.rules)
 * 1:65247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65235 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65238 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65239 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65243 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65240 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt (os-windows.rules)
 * 1:65250 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:64906 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:64907 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:60599 <-> DISABLED <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt (policy-other.rules)

2025-08-12 18:06:54 UTC

Snort Subscriber Rules Update

Date: 2025-08-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65233 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt (malware-other.rules)
 * 1:65252 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65253 <-> DISABLED <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt (server-webapp.rules)
 * 1:65249 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65230 <-> DISABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65238 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65248 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection (malware-cnc.rules)
 * 1:65245 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65250 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65235 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65240 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt (os-windows.rules)
 * 1:65244 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt (os-windows.rules)
 * 1:65242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65236 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65243 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65239 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65251 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65234 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:64906 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:64907 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:60599 <-> DISABLED <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt (policy-other.rules)

2025-08-12 18:06:54 UTC

Snort Subscriber Rules Update

Date: 2025-08-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65253 <-> DISABLED <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt (server-webapp.rules)
 * 1:65247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65233 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt (malware-other.rules)
 * 1:65231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65249 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65235 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65230 <-> DISABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65244 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65239 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65238 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65250 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt (os-windows.rules)
 * 1:65236 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65234 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65243 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65248 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection (malware-cnc.rules)
 * 1:65245 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65251 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65240 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt (os-windows.rules)
 * 1:65252 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:64907 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:64906 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:60599 <-> DISABLED <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt (policy-other.rules)

2025-08-12 18:06:54 UTC

Snort Subscriber Rules Update

Date: 2025-08-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65252 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65233 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt (malware-other.rules)
 * 1:65235 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65250 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65234 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65249 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65238 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65230 <-> DISABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65239 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65240 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt (os-windows.rules)
 * 1:65241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt (os-windows.rules)
 * 1:65242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65243 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65244 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65245 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65236 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65253 <-> DISABLED <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt (server-webapp.rules)
 * 1:65248 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection (malware-cnc.rules)
 * 1:65251 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:64907 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:60599 <-> DISABLED <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt (policy-other.rules)
 * 1:64906 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)

2025-08-12 18:06:54 UTC

Snort Subscriber Rules Update

Date: 2025-08-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65253 <-> DISABLED <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt (server-webapp.rules)
 * 1:65248 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection (malware-cnc.rules)
 * 1:65230 <-> DISABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65249 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt (os-windows.rules)
 * 1:65243 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65233 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt (malware-other.rules)
 * 1:65231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65251 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65245 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65234 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65235 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65236 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65239 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65238 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65244 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65252 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65250 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65240 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt (os-windows.rules)

Modified Rules:


 * 1:64907 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:64906 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:60599 <-> DISABLED <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt (policy-other.rules)

2025-08-12 18:06:54 UTC

Snort Subscriber Rules Update

Date: 2025-08-12

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:65252 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65234 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)
 * 1:65236 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65248 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection (malware-cnc.rules)
 * 1:65246 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65251 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65239 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65240 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt (os-windows.rules)
 * 1:65241 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt (os-windows.rules)
 * 1:65243 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65244 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65242 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt (os-windows.rules)
 * 1:65230 <-> DISABLED <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt (server-webapp.rules)
 * 1:65233 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt (malware-other.rules)
 * 1:65247 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt (os-windows.rules)
 * 1:65235 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt (os-windows.rules)
 * 1:65245 <-> DISABLED <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt (os-windows.rules)
 * 1:65238 <-> DISABLED <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt (server-webapp.rules)
 * 1:65253 <-> DISABLED <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt (server-webapp.rules)
 * 1:65250 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65249 <-> DISABLED <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt (server-webapp.rules)
 * 1:65237 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt (os-windows.rules)
 * 1:65231 <-> ENABLED <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection (malware-cnc.rules)

Modified Rules:


 * 1:64906 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:64907 <-> DISABLED <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt (file-other.rules)
 * 1:60599 <-> DISABLED <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt (policy-other.rules)

2025-08-12 18:10:02 UTC

Snort Subscriber Rules Update

Date: 2025-08-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301300 <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt
* 1:301301 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301302 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301303 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301304 <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt
* 1:301305 <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt
* 1:301306 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:65230 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65231 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65232 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65233 <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt
* 1:65238 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:65240 <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt
* 1:65241 <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt
* 1:65248 <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection
* 1:65249 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65250 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65251 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65252 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65253 <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt

Modified Rules:

* 1:301208 <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt
* 1:60599 <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt


2025-08-12 18:10:02 UTC

Snort Subscriber Rules Update

Date: 2025-08-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301300 <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt
* 1:301301 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301302 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301303 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301304 <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt
* 1:301305 <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt
* 1:301306 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:65230 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65231 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65232 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65233 <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt
* 1:65238 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:65240 <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt
* 1:65241 <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt
* 1:65248 <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection
* 1:65249 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65250 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65251 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65252 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65253 <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt

Modified Rules:

* 1:301208 <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt
* 1:60599 <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt


2025-08-12 18:10:02 UTC

Snort Subscriber Rules Update

Date: 2025-08-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301300 <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt
* 1:301301 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301302 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301303 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301304 <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt
* 1:301305 <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt
* 1:301306 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:65230 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65231 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65232 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65233 <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt
* 1:65238 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:65240 <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt
* 1:65241 <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt
* 1:65248 <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection
* 1:65249 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65250 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65251 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65252 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65253 <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt

Modified Rules:

* 1:301208 <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt
* 1:60599 <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt


2025-08-12 18:10:02 UTC

Snort Subscriber Rules Update

Date: 2025-08-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301300 <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt
* 1:301301 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301302 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301303 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301304 <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt
* 1:301305 <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt
* 1:301306 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:65230 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65231 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65232 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65233 <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt
* 1:65238 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:65240 <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt
* 1:65241 <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt
* 1:65248 <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection
* 1:65249 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65250 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65251 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65252 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65253 <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt

Modified Rules:

* 1:301208 <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt
* 1:60599 <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt


2025-08-12 18:10:03 UTC

Snort Subscriber Rules Update

Date: 2025-08-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301300 <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt
* 1:301301 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301302 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301303 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301304 <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt
* 1:301305 <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt
* 1:301306 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:65230 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65231 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65232 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65233 <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt
* 1:65238 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:65240 <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt
* 1:65241 <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt
* 1:65248 <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection
* 1:65249 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65250 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65251 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65252 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65253 <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt

Modified Rules:

* 1:301208 <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt
* 1:60599 <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt


2025-08-12 18:10:03 UTC

Snort Subscriber Rules Update

Date: 2025-08-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301300 <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt
* 1:301301 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301302 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301303 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301304 <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt
* 1:301305 <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt
* 1:301306 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:65230 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65231 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65232 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65233 <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt
* 1:65238 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:65240 <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt
* 1:65241 <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt
* 1:65248 <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection
* 1:65249 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65250 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65251 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65252 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65253 <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt

Modified Rules:

* 1:301208 <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt
* 1:60599 <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt


2025-08-12 18:10:03 UTC

Snort Subscriber Rules Update

Date: 2025-08-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301300 <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt
* 1:301301 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301302 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301303 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301304 <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt
* 1:301305 <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt
* 1:301306 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:65230 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65231 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65232 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65233 <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt
* 1:65238 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:65240 <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt
* 1:65241 <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt
* 1:65248 <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection
* 1:65249 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65250 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65251 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65252 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65253 <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt

Modified Rules:

* 1:301208 <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt
* 1:60599 <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt


2025-08-12 18:10:03 UTC

Snort Subscriber Rules Update

Date: 2025-08-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301300 <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt
* 1:301301 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301302 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301303 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301304 <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt
* 1:301305 <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt
* 1:301306 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:65230 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65231 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65232 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65233 <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt
* 1:65238 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:65240 <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt
* 1:65241 <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt
* 1:65248 <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection
* 1:65249 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65250 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65251 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65252 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65253 <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt

Modified Rules:

* 1:301208 <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt
* 1:60599 <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt


2025-08-12 18:10:03 UTC

Snort Subscriber Rules Update

Date: 2025-08-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301300 <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt
* 1:301301 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301302 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301303 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301304 <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt
* 1:301305 <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt
* 1:301306 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:65230 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65231 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65232 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65233 <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt
* 1:65238 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:65240 <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt
* 1:65241 <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt
* 1:65248 <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection
* 1:65249 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65250 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65251 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65252 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65253 <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt

Modified Rules:

* 1:301208 <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt
* 1:60599 <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt


2025-08-12 18:10:03 UTC

Snort Subscriber Rules Update

Date: 2025-08-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301300 <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt
* 1:301301 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301302 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301303 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301304 <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt
* 1:301305 <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt
* 1:301306 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:65230 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65231 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65232 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65233 <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt
* 1:65238 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:65240 <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt
* 1:65241 <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt
* 1:65248 <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection
* 1:65249 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65250 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65251 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65252 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65253 <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt

Modified Rules:

* 1:301208 <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt
* 1:60599 <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt


2025-08-12 18:10:03 UTC

Snort Subscriber Rules Update

Date: 2025-08-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301300 <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt
* 1:301301 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301302 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301303 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301304 <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt
* 1:301305 <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt
* 1:301306 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:65230 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65231 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65232 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65233 <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt
* 1:65238 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:65240 <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt
* 1:65241 <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt
* 1:65248 <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection
* 1:65249 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65250 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65251 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65252 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65253 <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt

Modified Rules:

* 1:301208 <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt
* 1:60599 <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt


2025-08-12 18:10:03 UTC

Snort Subscriber Rules Update

Date: 2025-08-11-001

This is the complete list of rules modified and added in the Cisco Talos Certified rule pack for Snort 3. The rule pack was generated (between 2025-08-12 18:10:03 UTC and 18:10:04 UTC) for each of the following Snort versions, and the list of new and modified rules below is identical for every one of them: 3.2.0.0, 3.3.5.1, 3.3.6.0, 3.3.7.0, 3.7.0.0, 3.9.0.0, 3.1.11.0, 3.1.15.0, 3.1.18.0, 3.1.20.0, 3.1.21.0, 3.1.35.0, 3.1.44.0 and 3.1.47.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:301300 <-> OS-WINDOWS Microsoft Windows Hyper-V elevation of privilege attempt
* 1:301301 <-> OS-WINDOWS Microsoft Windows Graphics Component elevation of privilege attempt
* 1:301302 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301303 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:301304 <-> OS-WINDOWS Microsoft Windows Win32kbase.sys elevation of privilege attempt
* 1:301305 <-> OS-WINDOWS Microsoft Win32K Kernel driver elevation of privilege attempt
* 1:301306 <-> OS-WINDOWS Microsoft Windows Ancillary Function Driver for WinSock elevation of privilege attempt
* 1:65230 <-> SERVER-WEBAPP AMI MegaRAC SPx authentication bypass attempt
* 1:65231 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65232 <-> MALWARE-CNC Win.Trojan.PS1Bot variant outbound connection
* 1:65233 <-> MALWARE-OTHER Win.Trojan.PS1Bot variant payload download attempt
* 1:65238 <-> SERVER-WEBAPP Sophos XG Firewall SQL injection attempt
* 1:65240 <-> OS-WINDOWS Microsoft Windows NTLM elevation of privilege attempt
* 1:65241 <-> OS-WINDOWS Microsoft Windows MSMQ denial of service attempt
* 1:65248 <-> MALWARE-CNC Win.Backdoor.BadIIS javascript injection
* 1:65249 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65250 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65251 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65252 <-> SERVER-WEBAPP D-Link ddns_enc.cgi command injection attempt
* 1:65253 <-> SERVER-WEBAPP D-Link IP Camera admin password disclosure attempt

Modified Rules:

* 1:301208 <-> FILE-OTHER FreeType font subglyph out-of-bounds write attempt
* 1:60599 <-> POLICY-OTHER FortiGate and FortiADC LDAP Connectivity Test potential credential leak attempt