Rule Update
19-055 (November 5, 2019)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
HP Intelligent Management Center (IMC)
1010042 - HPE Intelligent Management Center AMF3 Externalizable Deserialization (CVE-2019-11944)
Remote Login Applications
1004364* - TeamViewer (ATT&CK T1219)
Suspicious Client Application Activity
1005299* - Identified Potentially Malicious RAT Traffic - III (ATT&CK T1094)
1005300* - Identified Potentially Malicious RAT Traffic - IV (ATT&CK T1094)
Suspicious Server Ransomware Activity
1007582* - Ransomware Lectool-1
Web Application Common
1005934* - Identified Suspicious Command Injection Attack
1010046 - rConfig Remote Command Execution Vulnerability (CVE-2019-16662)
1010047 - rConfig Remote Command Execution Vulnerability (CVE-2019-16663)
Web Application Tomcat
1009697* - Apache Tomcat Remote Code Execution Vulnerability (CVE-2019-0232)
Web Server Common
1005839* - Identified XML External Entity Injection In HTTP Request
1009226* - Wing FTP Server Authenticated Command Execution Vulnerability (CVE-2015-4107)
Webmin
1010043* - Webmin Unauthenticated Remote Code Execution Vulnerability (CVE-2019-15107)
Windows Services RPC Server DCERPC
1009604* - Identified Usage Of WMI Execute Methods - Server - 1 (ATT&CK T1047)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.