Talos has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, file-flash, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, malware-other, os-linux, policy-other, server-mssql, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34798 <-> DISABLED <-> SERVER-OTHER HP LoadRunner launcher.dll stack buffer overflow attempt (server-other.rules)
* 1:34799 <-> DISABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (server-webapp.rules)
* 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
* 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
* 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules)
* 1:34803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34804 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules)
* 1:34812 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34814 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34816 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
* 1:34817 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
* 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound communication attempt (malware-cnc.rules)
* 1:34819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
* 1:34824 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
* 1:34825 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
* 1:34826 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cifss.org - Win.Trojan.Cozybear (blacklist.rules)
* 1:34827 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getiton.hants.org.uk - Win.Trojan.Cozybear (blacklist.rules)
* 1:34828 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pvt.relance.fr - Win.Trojan.Cozybear (blacklist.rules)
* 1:34829 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sanjosemaristas.com - Win.Trojan.Cozybear (blacklist.rules)
* 1:34830 <-> ENABLED <-> BLACKLIST DNS request for known malware domain seccionpolitica.com.ar - Win.Trojan.Cozybear (blacklist.rules)
* 1:34831 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
* 1:34834 <-> ENABLED <-> BLACKLIST USER-AGENT Win.Trojan.Darkcpn outbound connection (blacklist.rules)
* 1:34835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
* 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34840 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34841 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34843 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (blacklist.rules)
* 1:34844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
* 1:34845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:34846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:34847 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
* 1:34848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34851 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34852 <-> ENABLED <-> BLACKLIST DNS request for known malware domain homerlindo2.gotdns.org - Win.Trojan.Banker (blacklist.rules)
* 1:34853 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
* 1:34854 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
* 1:34855 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:34856 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:34857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fanny outbound connection (malware-cnc.rules)
* 1:34858 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34859 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34860 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34861 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules)
* 1:34865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
* 1:34868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
* 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection attempt (malware-cnc.rules)
* 1:34870 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)

* 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules)
* 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules)
* 1:20883 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object with .application extension bypass attempt (file-office.rules)
* 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
* 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31407 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
* 1:31408 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
* 1:31409 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
* 1:31410 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
* 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
* 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
* 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
* 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:34166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
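The "gid:sid <-> Default rule state <-> Message (rule group)" listing is regular enough to process mechanically, which matters in practice: the same update is published once per supported Snort version, so the three listings on this page overlap almost completely, and the rules Talos ships DISABLED (here the UPnP, iSQLPlus, LoadRunner, SCTP, SiteScope, Meterpreter-certificate and invalid-URL-encoding rules) are exactly the ones an operator has to decide about by hand. The following Python script is an added example and not code from the Talos post: it parses entries in that format (tolerating several entries run together on one line, as happens in web extracts of these posts), tallies ENABLED versus DISABLED per rule group, merges per-version listings into one set of unique SIDs while flagging any SID whose default state differs between them, and emits gid:sid lines in the one-per-line form that PulledPork's enablesid.conf reads. The embedded sample is excerpted from the 2962 list above; the function names are this example's own.

```python
"""Parse Talos/Snort rule-update listings of the form
    gid:sid <-> Default rule state <-> Message (rule group)
and summarise what the update ships enabled versus disabled.
Added example; not code from the Talos post."""
import re
from collections import defaultdict
from dataclasses import dataclass

# One entry looks like "1:34799 <-> DISABLED <-> SERVER-WEBAPP ... attempt (server-webapp.rules)".
# The message is matched lazily up to the "(group.rules)" suffix, so several entries
# run together on one line (as in web extracts of the post) still parse individually.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[a-z0-9-]+\.rules)\)"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    enabled: bool
    message: str
    group: str


# Constructed sample: entries excerpted from the 2962 listing above; the last line
# deliberately carries two entries run together, as the extracted page does.
SAMPLE_LISTING = """\
* 1:34799 <-> DISABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (server-webapp.rules)
* 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34859 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules)
* 1:34826 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cifss.org - Win.Trojan.Cozybear (blacklist.rules) * 1:34831 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
"""


def parse_listing(text):
    """Return the RuleEntry objects found in a listing, in order of appearance."""
    return [
        RuleEntry(int(m["gid"]), int(m["sid"]), m["state"] == "ENABLED",
                  m["msg"].strip(), m["group"])
        for m in ENTRY_RE.finditer(text)
    ]


def summarize_by_group(entries):
    """Map rule group -> (enabled_count, disabled_count), sorted by group name."""
    counts = defaultdict(lambda: [0, 0])
    for e in entries:
        counts[e.group][0 if e.enabled else 1] += 1
    return {g: tuple(c) for g, c in sorted(counts.items())}


def merge_listings(*listings):
    """Union several per-version listings into one dict keyed by (gid, sid).
    The same update is published once per Snort version, so the listings overlap
    almost completely; a SID whose default state differs between them is an error
    worth stopping on rather than silently resolving."""
    merged = {}
    for entries in listings:
        for e in entries:
            key = (e.gid, e.sid)
            if key in merged and merged[key].enabled != e.enabled:
                raise ValueError(f"conflicting default state for {e.gid}:{e.sid}")
            merged.setdefault(key, e)
    return merged


def disabled_entries(entries, groups=None):
    """Rules the vendor ships DISABLED, optionally restricted to some rule groups.
    These deserve a manual review: the default is off for a reason (noise,
    performance cost or a narrow deployment), not because the rule is broken."""
    return sorted(
        (e for e in entries if not e.enabled and (groups is None or e.group in groups)),
        key=lambda e: (e.gid, e.sid),
    )


def enablesid_lines(entries, groups=None):
    """gid:sid lines, one per rule, in the form PulledPork's enablesid.conf reads,
    for the DISABLED rules selected by disabled_entries()."""
    return [f"{e.gid}:{e.sid}" for e in disabled_entries(entries, groups)]


if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    for group, (on, off) in summarize_by_group(entries).items():
        print(f"{group:28} enabled={on} disabled={off}")
    print("# enablesid.conf candidates (server-webapp only):")
    print("\n".join(enablesid_lines(entries, {"server-webapp.rules"})))
```

Run against the full text of the three sections on this page, merge_listings() collapses the roughly 300 printed entries back to the 105 distinct SIDs the update actually contains, and enablesid_lines() restricted to the server-* groups gives a short review list rather than a blanket enable.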
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34798 <-> DISABLED <-> SERVER-OTHER HP LoadRunner launcher.dll stack buffer overflow attempt (server-other.rules)
* 1:34799 <-> DISABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (server-webapp.rules)
* 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
* 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
* 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules)
* 1:34803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34804 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules)
* 1:34812 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34814 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34816 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
* 1:34817 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
* 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound communication attempt (malware-cnc.rules)
* 1:34819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
* 1:34824 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
* 1:34825 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
* 1:34826 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cifss.org - Win.Trojan.Cozybear (blacklist.rules)
* 1:34827 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getiton.hants.org.uk - Win.Trojan.Cozybear (blacklist.rules)
* 1:34828 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pvt.relance.fr - Win.Trojan.Cozybear (blacklist.rules)
* 1:34829 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sanjosemaristas.com - Win.Trojan.Cozybear (blacklist.rules)
* 1:34830 <-> ENABLED <-> BLACKLIST DNS request for known malware domain seccionpolitica.com.ar - Win.Trojan.Cozybear (blacklist.rules)
* 1:34831 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
* 1:34834 <-> ENABLED <-> BLACKLIST USER-AGENT Win.Trojan.Darkcpn outbound connection (blacklist.rules)
* 1:34835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
* 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34840 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34841 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34843 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (blacklist.rules)
* 1:34844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
* 1:34845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:34846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:34847 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
* 1:34848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34851 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34852 <-> ENABLED <-> BLACKLIST DNS request for known malware domain homerlindo2.gotdns.org - Win.Trojan.Banker (blacklist.rules)
* 1:34853 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
* 1:34854 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
* 1:34855 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:34856 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:34857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fanny outbound connection (malware-cnc.rules)
* 1:34858 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34859 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34860 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34861 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules)
* 1:34865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
* 1:34868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
* 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection attempt (malware-cnc.rules)
* 1:34870 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)

* 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules)
* 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules)
* 1:20883 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object with .application extension bypass attempt (file-office.rules)
* 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
* 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31407 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
* 1:31408 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
* 1:31409 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
* 1:31410 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
* 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
* 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
* 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
* 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:34166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34798 <-> DISABLED <-> SERVER-OTHER HP LoadRunner launcher.dll stack buffer overflow attempt (server-other.rules)
* 1:34799 <-> DISABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (server-webapp.rules)
* 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
* 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
* 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules)
* 1:34803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34804 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules)
* 1:34812 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34814 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34816 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
* 1:34817 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
* 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound communication attempt (malware-cnc.rules)
* 1:34819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
* 1:34824 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
* 1:34825 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
* 1:34826 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cifss.org - Win.Trojan.Cozybear (blacklist.rules)
* 1:34827 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getiton.hants.org.uk - Win.Trojan.Cozybear (blacklist.rules)
* 1:34828 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pvt.relance.fr - Win.Trojan.Cozybear (blacklist.rules)
* 1:34829 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sanjosemaristas.com - Win.Trojan.Cozybear (blacklist.rules)
* 1:34830 <-> ENABLED <-> BLACKLIST DNS request for known malware domain seccionpolitica.com.ar - Win.Trojan.Cozybear (blacklist.rules)
* 1:34831 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
* 1:34834 <-> ENABLED <-> BLACKLIST USER-AGENT Win.Trojan.Darkcpn outbound connection (blacklist.rules)
* 1:34835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
* 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34840 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34841 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34843 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (blacklist.rules)
* 1:34844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
* 1:34845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:34846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:34847 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
* 1:34848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34851 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34852 <-> ENABLED <-> BLACKLIST DNS request for known malware domain homerlindo2.gotdns.org - Win.Trojan.Banker (blacklist.rules)
* 1:34853 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
* 1:34854 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
* 1:34855 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:34856 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:34857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fanny outbound connection (malware-cnc.rules)
* 1:34858 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34859 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34860 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34861 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules)
* 1:34865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
* 1:34868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
* 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection attempt (malware-cnc.rules)
* 1:34870 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)

* 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules) * 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:34168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules) * 1:34169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules) * 1:34166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules) * 1:34167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules) * 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules) * 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules) * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules) * 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules) * 1:31409 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules) * 1:31410 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules) * 1:31407 <-> ENABLED 
<-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules) * 1:31408 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules) * 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules) * 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules) * 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules) * 1:20883 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object with .application extension bypass attempt (file-office.rules) * 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34870 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection attempt (malware-cnc.rules)
* 1:34868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
* 1:34867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
* 1:34866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34864 <-> DISABLED <-> INDICATOR-COMPROMISE Metasploit Meterpreter reverse HTTPS certificate (indicator-compromise.rules)
* 1:34863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34861 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34860 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34859 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34858 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData shader bit information disclosure attempt (file-flash.rules)
* 1:34857 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fanny outbound connection (malware-cnc.rules)
* 1:34856 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:34855 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShaderParameter out of bounds write attempt (file-flash.rules)
* 1:34854 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
* 1:34853 <-> ENABLED <-> FILE-FLASH Adobe Flash custom TextField filter use after free attempt (file-flash.rules)
* 1:34852 <-> ENABLED <-> BLACKLIST DNS request for known malware domain homerlindo2.gotdns.org - Win.Trojan.Banker (blacklist.rules)
* 1:34851 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34850 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34849 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34848 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Shader Channel integer overflow attempt (file-flash.rules)
* 1:34847 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.ChinaZ outbound connection (malware-cnc.rules)
* 1:34846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:34845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:34844 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
* 1:34843 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (blacklist.rules)
* 1:34842 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34841 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34840 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34839 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34838 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34837 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34836 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid URL encoding exploit attempt (file-flash.rules)
* 1:34835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
* 1:34834 <-> ENABLED <-> BLACKLIST USER-AGENT Win.Trojan.Darkcpn outbound connection (blacklist.rules)
* 1:34833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
* 1:34832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34831 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34830 <-> ENABLED <-> BLACKLIST DNS request for known malware domain seccionpolitica.com.ar - Win.Trojan.Cozybear (blacklist.rules)
* 1:34829 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sanjosemaristas.com - Win.Trojan.Cozybear (blacklist.rules)
* 1:34828 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pvt.relance.fr - Win.Trojan.Cozybear (blacklist.rules)
* 1:34827 <-> ENABLED <-> BLACKLIST DNS request for known malware domain getiton.hants.org.uk - Win.Trojan.Cozybear (blacklist.rules)
* 1:34826 <-> ENABLED <-> BLACKLIST DNS request for known malware domain cifss.org - Win.Trojan.Cozybear (blacklist.rules)
* 1:34825 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
* 1:34824 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer moveEnd information disclosure attempt (browser-ie.rules)
* 1:34823 <-> DISABLED <-> POLICY-OTHER HP SiteScope unspecified privilege escalation attempt (policy-other.rules)
* 1:34822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player concurrent worker thread terminate use-after-free attempt (file-flash.rules)
* 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound communication attempt (malware-cnc.rules)
* 1:34817 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
* 1:34816 <-> ENABLED <-> FILE-FLASH Adobe Flash FPU stack corruption attempt (file-flash.rules)
* 1:34815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34814 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34813 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34812 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Security.allowDomain cross domain policy bypass attempt (file-flash.rules)
* 1:34811 <-> DISABLED <-> FILE-FLASH Adobe Flash Player assumed trust URI reference to child file attempt (file-flash.rules)
* 1:34810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34808 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34807 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetConnection and NetStream type confusion exploit attempt (file-flash.rules)
* 1:34806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34804 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34802 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules)
* 1:34801 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
* 1:34800 <-> DISABLED <-> SERVER-ORACLE 10g iSQLPlus service heap overflow attempt (server-oracle.rules)
* 1:34799 <-> DISABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (server-webapp.rules)
* 1:34798 <-> DISABLED <-> SERVER-OTHER HP LoadRunner launcher.dll stack buffer overflow attempt (server-other.rules)
* 1:34797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)
* 1:34794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player JSON stringify memory corruption attempt (file-flash.rules)

* 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:33942 <-> DISABLED <-> MALWARE-OTHER Executable control panel file download request (malware-other.rules)
* 1:34166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:32027 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
* 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
* 1:31410 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
* 1:32026 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid TRCK frame attempt (file-flash.rules)
* 1:31408 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
* 1:31409 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
* 1:31407 <-> ENABLED <-> BROWSER-PLUGINS Adobe Reader 11 messageHandler ActiveX access attempt (browser-plugins.rules)
* 1:31400 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31401 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:31181 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS handshake recursion denial of service attempt (server-other.rules)
* 1:31399 <-> DISABLED <-> POLICY-OTHER Rosetta Flash tool use attempt (policy-other.rules)
* 1:20883 <-> DISABLED <-> FILE-OFFICE Microsoft Windows embedded packager object with .application extension bypass attempt (file-office.rules)
* 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules)
* 1:20698 <-> DISABLED <-> FILE-OTHER Telnet protocol specifier command injection attempt (file-other.rules)