Talos has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, deleted, exploit-kit, file-flash, file-office, file-pdf, malware-cnc, malware-other, malware-tools, os-windows, policy-other, pua-adware, pua-toolbars, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34940 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34935 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
* 1:34936 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swaylib outbound variant connection (malware-cnc.rules)
* 1:34928 <-> ENABLED <-> BLACKLIST DNS request for known malware domain aotc.ru - Win.Trojan.Urausy (blacklist.rules)
* 1:34926 <-> DISABLED <-> BLACKLIST DNS request for known adware domain cloud4ads.com - Win.Adware.PullUpdate (blacklist.rules)
* 1:34924 <-> DISABLED <-> DELETED FILE-OFFICE OpenOffice Word document table parsing sprmTDelete heap buffer overflow attempt (deleted.rules)
* 1:34925 <-> DISABLED <-> DELETED FILE-OFFICE OpenOffice Word document table parsing sprmTDelete heap buffer overflow attempt (deleted.rules)
* 1:34927 <-> DISABLED <-> PUA-ADWARE PullUpdate installer outbound connection (pua-adware.rules)
* 1:34933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HSC DVD driver upgrade code execution attempt (os-windows.rules)
* 1:34930 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Urausy outbound traffic attempt (malware-other.rules)
* 1:34929 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pvgnm.com - Win.Trojan.Urausy (blacklist.rules)
* 1:34934 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
* 1:34931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34937 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management preboot policy service stack buffer overflow attempt (server-other.rules)
* 1:34938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34939 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34941 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34942 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34932 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
* 1:34945 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Dridex dropper message (malware-tools.rules)
* 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:34943 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:17900 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /basic/cn3c2/c.*dll (blacklist.rules)
* 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
* 1:20246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
* 1:13302 <-> DISABLED <-> SERVER-APACHE Apache mod_imagemap cross site scripting attempt (server-apache.rules)
* 1:23282 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint query.iqy XSS attempt (server-webapp.rules)
* 1:23779 <-> DISABLED <-> SERVER-APACHE Apache WebDAV mod_dav nested entity reference DoS attempt (server-apache.rules)
* 1:24099 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules)
* 1:26765 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp ActiveX function call access (browser-plugins.rules)
* 1:34763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
* 1:34462 <-> ENABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection attempt (malware-cnc.rules)
* 1:31883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound communication (malware-cnc.rules)
* 1:29988 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:29356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection (malware-cnc.rules)
* 1:21096 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit control panel access (exploit-kit.rules)
* 1:20575 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:19636 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /blog/images/3521.jpg?v (blacklist.rules)
* 1:17906 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 2x/.*php (blacklist.rules)
* 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
* 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:28746 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SXPG_CALL_SYSTEM remote code execution attempt (server-webapp.rules)
* 1:29989 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:28255 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules)
* 1:26767 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp embed access (browser-plugins.rules)
* 1:34416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 compatibility mode enable attempt (browser-ie.rules)
* 1:7128 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - advertising 1 (pua-adware.rules)
* 1:34764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
* 1:26883 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:7129 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - advertising 2 (pua-adware.rules)
* 1:34461 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection attempt (malware-cnc.rules)
* 1:26884 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:24124 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:30251 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mumawow outbound connection (malware-cnc.rules)
* 1:26886 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:26887 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:28430 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit zip file download (exploit-kit.rules)
* 1:29057 <-> ENABLED <-> MALWARE-CNC Installation Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
* 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules)
* 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dampt variant outbound connection (malware-cnc.rules)
* 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:30012 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
* 1:27093 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
* 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:30013 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
* 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
* 1:21984 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34925 <-> DISABLED <-> DELETED FILE-OFFICE OpenOffice Word document table parsing sprmTDelete heap buffer overflow attempt (deleted.rules)
* 1:34924 <-> DISABLED <-> DELETED FILE-OFFICE OpenOffice Word document table parsing sprmTDelete heap buffer overflow attempt (deleted.rules)
* 1:34926 <-> DISABLED <-> BLACKLIST DNS request for known adware domain cloud4ads.com - Win.Adware.PullUpdate (blacklist.rules)
* 1:34927 <-> DISABLED <-> PUA-ADWARE PullUpdate installer outbound connection (pua-adware.rules)
* 1:34928 <-> ENABLED <-> BLACKLIST DNS request for known malware domain aotc.ru - Win.Trojan.Urausy (blacklist.rules)
* 1:34930 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Urausy outbound traffic attempt (malware-other.rules)
* 1:34929 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pvgnm.com - Win.Trojan.Urausy (blacklist.rules)
* 1:34931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34932 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
* 1:34933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HSC DVD driver upgrade code execution attempt (os-windows.rules)
* 1:34934 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
* 1:34935 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
* 1:34936 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swaylib outbound variant connection (malware-cnc.rules)
* 1:34937 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management preboot policy service stack buffer overflow attempt (server-other.rules)
* 1:34938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34939 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34940 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34941 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34942 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34943 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:34945 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Dridex dropper message (malware-tools.rules)
* 1:31883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound communication (malware-cnc.rules)
* 1:29988 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:29356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection (malware-cnc.rules)
* 1:20575 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:21096 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit control panel access (exploit-kit.rules)
* 1:19636 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /blog/images/3521.jpg?v (blacklist.rules)
* 1:20246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
* 1:17900 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /basic/cn3c2/c.*dll (blacklist.rules)
* 1:17906 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 2x/.*php (blacklist.rules)
* 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
* 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
* 1:13302 <-> DISABLED <-> SERVER-APACHE Apache mod_imagemap cross site scripting attempt (server-apache.rules)
* 1:34461 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection attempt (malware-cnc.rules)
* 1:23282 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint query.iqy XSS attempt (server-webapp.rules)
* 1:24124 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:24099 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules)
* 1:23779 <-> DISABLED <-> SERVER-APACHE Apache WebDAV mod_dav nested entity reference DoS attempt (server-apache.rules)
* 1:26765 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp ActiveX function call access (browser-plugins.rules)
* 1:26767 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp embed access (browser-plugins.rules)
* 1:26883 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:26887 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:26884 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:26886 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:34416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 compatibility mode enable attempt (browser-ie.rules)
* 1:34462 <-> ENABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection attempt (malware-cnc.rules)
* 1:34763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
* 1:27093 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
* 1:34764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
* 1:7129 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - advertising 2 (pua-adware.rules)
* 1:28255 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules)
* 1:29057 <-> ENABLED <-> MALWARE-CNC Installation Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
* 1:28430 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit zip file download (exploit-kit.rules)
* 1:28746 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SXPG_CALL_SYSTEM remote code execution attempt (server-webapp.rules)
* 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules)
* 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:30013 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
* 1:29663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dampt variant outbound connection (malware-cnc.rules)
* 1:7128 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - advertising 1 (pua-adware.rules)
* 1:29989 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:30251 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mumawow outbound connection (malware-cnc.rules)
* 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:30012 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
* 1:21984 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
* 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34945 <-> ENABLED <-> MALWARE-TOOLS Win.Trojan.Dridex dropper message (malware-tools.rules)
* 1:34944 <-> DISABLED <-> POLICY-OTHER Arcserve Unified Data Protection Management credential disclosure attempt (policy-other.rules)
* 1:34943 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34942 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34941 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34940 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34939 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34937 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management preboot policy service stack buffer overflow attempt (server-other.rules)
* 1:34936 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swaylib outbound variant connection (malware-cnc.rules)
* 1:34935 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
* 1:34934 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
* 1:34933 <-> DISABLED <-> OS-WINDOWS Microsoft Windows HSC DVD driver upgrade code execution attempt (os-windows.rules)
* 1:34932 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
* 1:34931 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34930 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Urausy outbound traffic attempt (malware-other.rules)
* 1:34929 <-> ENABLED <-> BLACKLIST DNS request for known malware domain pvgnm.com - Win.Trojan.Urausy (blacklist.rules)
* 1:34928 <-> ENABLED <-> BLACKLIST DNS request for known malware domain aotc.ru - Win.Trojan.Urausy (blacklist.rules)
* 1:34927 <-> DISABLED <-> PUA-ADWARE PullUpdate installer outbound connection (pua-adware.rules)
* 1:34926 <-> DISABLED <-> BLACKLIST DNS request for known adware domain cloud4ads.com - Win.Adware.PullUpdate (blacklist.rules)
* 1:34925 <-> DISABLED <-> DELETED FILE-OFFICE OpenOffice Word document table parsing sprmTDelete heap buffer overflow attempt (deleted.rules)
* 1:34924 <-> DISABLED <-> DELETED FILE-OFFICE OpenOffice Word document table parsing sprmTDelete heap buffer overflow attempt (deleted.rules)
* 1:7129 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - advertising 2 (pua-adware.rules)
* 1:7128 <-> DISABLED <-> PUA-ADWARE Hijacker wowok mp3 bar outbound connection - advertising 1 (pua-adware.rules)
* 1:34764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
* 1:34763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 mode menu tag out-of-bounds access attempt (browser-ie.rules)
* 1:34461 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection attempt (malware-cnc.rules)
* 1:34462 <-> ENABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection attempt (malware-cnc.rules)
* 1:34416 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 compatibility mode enable attempt (browser-ie.rules)
* 1:32306 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:32305 <-> ENABLED <-> FILE-FLASH Adobe Flash Player regex denial of service attempt (file-flash.rules)
* 1:30251 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mumawow outbound connection (malware-cnc.rules)
* 1:31883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound communication (malware-cnc.rules)
* 1:30013 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
* 1:30012 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
* 1:29989 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:29988 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:29663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dampt variant outbound connection (malware-cnc.rules)
* 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules)
* 1:29356 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection (malware-cnc.rules)
* 1:29057 <-> ENABLED <-> MALWARE-CNC Installation Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
* 1:28746 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SXPG_CALL_SYSTEM remote code execution attempt (server-webapp.rules)
* 1:28430 <-> ENABLED <-> EXPLOIT-KIT Glazunov exploit kit zip file download (exploit-kit.rules)
* 1:28255 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluoz Potential phishing URL (malware-cnc.rules)
* 1:27093 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
* 1:26887 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:26886 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:26884 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:26883 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll use after free attempt (browser-ie.rules)
* 1:13302 <-> DISABLED <-> SERVER-APACHE Apache mod_imagemap cross site scripting attempt (server-apache.rules)
* 1:13483 <-> ENABLED <-> PUA-TOOLBARS Hijacker baidu toolbar runtime detection - updates automatically (pua-toolbars.rules)
* 1:26767 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp embed access (browser-plugins.rules)
* 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
* 1:17900 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /basic/cn3c2/c.*dll (blacklist.rules)
* 1:17906 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 2x/.*php (blacklist.rules)
* 1:19636 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /blog/images/3521.jpg?v (blacklist.rules)
* 1:26765 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start control launchapp ActiveX function call access (browser-plugins.rules)
* 1:20246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
* 1:20575 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:21096 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit control panel access (exploit-kit.rules)
* 1:24124 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF JBIG2 remote code execution attempt (file-pdf.rules)
* 1:23779 <-> DISABLED <-> SERVER-APACHE Apache WebDAV mod_dav nested entity reference DoS attempt (server-apache.rules)
* 1:24099 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules)
* 1:23282 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint query.iqy XSS attempt (server-webapp.rules)
* 1:21984 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
* 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)