Talos has added and modified multiple rules in the exploit-kit, file-flash, file-image, file-multimedia, malware-cnc, pua-adware and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39575 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules)
* 1:39590 <-> DISABLED <-> SERVER-WEBAPP TikiWiki elFinder component arbitrary PHP file upload attempt (server-webapp.rules)
* 1:39588 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
* 1:39589 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
* 1:39585 <-> DISABLED <-> SERVER-WEBAPP Google Chromecast factory reset attempt (server-webapp.rules)
* 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
* 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (server-other.rules)
* 1:39582 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
* 1:39581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection attempt (malware-cnc.rules)
* 1:39573 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39574 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39576 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39583 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
* 1:39580 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
* 1:39591 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules)
* 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (pua-adware.rules)
* 1:39578 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection attempt (malware-cnc.rules)
* 1:39579 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39577 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 3:39599 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0181 attack attempt (file-image.rules)
* 3:39626 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39628 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39625 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39623 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39624 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39621 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39620 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39619 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39616 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39617 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39614 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39615 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39613 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39605 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39606 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39601 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39609 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39595 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
* 3:39597 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0183 attack attempt (file-multimedia.rules)
* 3:39604 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39610 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39632 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39594 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
* 3:39635 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0180 attack attempt (file-image.rules)
* 3:39596 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
* 3:39634 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0180 attack attempt (file-image.rules)
* 3:39598 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0183 attack attempt (file-multimedia.rules)
* 3:39611 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39631 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39630 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39607 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39612 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39618 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39622 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39593 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
* 3:39600 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0181 attack attempt (file-image.rules)
* 3:39608 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39627 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39629 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39603 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39602 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)

* 1:39543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
* 1:38984 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
* 1:39540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
* 1:39240 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
* 1:39241 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
* 1:38985 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
* 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.
* 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
* 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (server-other.rules)
* 1:39582 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
* 1:39581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection attempt (malware-cnc.rules)
* 1:39573 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39574 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules)
* 1:39590 <-> DISABLED <-> SERVER-WEBAPP TikiWiki elFinder component arbitrary PHP file upload attempt (server-webapp.rules)
* 1:39588 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
* 1:39589 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
* 1:39585 <-> DISABLED <-> SERVER-WEBAPP Google Chromecast factory reset attempt (server-webapp.rules)
* 1:39577 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39575 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39576 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39579 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39580 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39583 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
* 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
* 1:39591 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules)
* 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (pua-adware.rules)
* 1:39578 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection attempt (malware-cnc.rules)
* 3:39594 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
* 3:39628 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39626 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39624 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39625 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39621 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39623 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39620 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39619 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39616 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39617 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39615 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39614 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39613 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39632 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39593 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
* 3:39595 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
* 3:39604 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39608 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39596 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
* 3:39605 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39606 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39609 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39598 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0183 attack attempt (file-multimedia.rules)
* 3:39610 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39599 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0181 attack attempt (file-image.rules)
* 3:39611 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39600 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0181 attack attempt (file-image.rules)
* 3:39601 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39630 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39631 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39597 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0183 attack attempt (file-multimedia.rules)
* 3:39607 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39618 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39612 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39622 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39635 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0180 attack attempt (file-image.rules)
* 3:39634 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0180 attack attempt (file-image.rules)
* 3:39603 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39602 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39627 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39629 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)

* 1:39543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
* 1:39241 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
* 1:39540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
* 1:38985 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
* 1:39240 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
* 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules)
* 1:38984 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
* 1:39633 <-> DISABLED <-> PUA-ADWARE Win.Adware.Mizenota outbound connection (pua-adware.rules)
* 1:39592 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules)
* 1:39591 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed TagTypeAndLength field attempt (file-flash.rules)
* 1:39590 <-> DISABLED <-> SERVER-WEBAPP TikiWiki elFinder component arbitrary PHP file upload attempt (server-webapp.rules)
* 1:39589 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
* 1:39588 <-> DISABLED <-> SERVER-WEBAPP WebNMS Framework arbitrary file upload attempt (server-webapp.rules)
* 1:39587 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
* 1:39586 <-> DISABLED <-> PUA-ADWARE Win.Adware.Antivirus Container.exe referral link attempt (pua-adware.rules)
* 1:39585 <-> DISABLED <-> SERVER-WEBAPP Google Chromecast factory reset attempt (server-webapp.rules)
* 1:39584 <-> DISABLED <-> SERVER-OTHER EasyCafe Server remote file access attempt (server-other.rules)
* 1:39583 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
* 1:39582 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
* 1:39581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection attempt (malware-cnc.rules)
* 1:39580 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39579 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39578 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection attempt (malware-cnc.rules)
* 1:39577 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39576 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39575 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39574 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 1:39573 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection attempt (malware-cnc.rules)
* 3:39635 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0180 attack attempt (file-image.rules)
* 3:39634 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0180 attack attempt (file-image.rules)
* 3:39632 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39631 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39630 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39629 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39628 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39626 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39627 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39625 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39624 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39623 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39622 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39621 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39620 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39619 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39618 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39612 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39617 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39616 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39615 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39614 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39613 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39611 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39610 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39609 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39593 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
* 3:39594 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
* 3:39595 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
* 3:39596 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0163 attack attempt (file-image.rules)
* 3:39597 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0183 attack attempt (file-multimedia.rules)
* 3:39608 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39598 <-> ENABLED <-> FILE-MULTIMEDIA TRUFFLEHUNTER TALOS-CAN-0183 attack attempt (file-multimedia.rules)
* 3:39599 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0181 attack attempt (file-image.rules)
* 3:39600 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0181 attack attempt (file-image.rules)
* 3:39601 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39607 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39606 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39605 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39604 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39602 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)
* 3:39603 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-CAN-0171 attack attempt (file-image.rules)

* 1:39543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
* 1:39241 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
* 1:39540 <-> ENABLED <-> FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt (file-flash.rules)
* 1:38985 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)
* 1:39240 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit exploitation attempt (exploit-kit.rules)
* 1:33480 <-> DISABLED <-> PUA-ADWARE Win.Adware.DownloadGuide variant outbound connection (pua-adware.rules)
* 1:38984 <-> ENABLED <-> FILE-FLASH Adobe Flash Player corrupt PNG image load out of bounds memory access attempt (file-flash.rules)