Talos has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, exploit-kit, file-office, file-other, file-pdf, malware-cnc, malware-other, protocol-tftp, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35346 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Unicode value memory corruption attempt (file-pdf.rules)
* 1:35345 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Unicode value memory corruption attempt (file-pdf.rules)
* 1:35344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
* 1:35335 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
* 1:35334 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
* 1:35333 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
* 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader format action use after free attempt (file-pdf.rules)
* 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader format action use after free attempt (file-pdf.rules)
* 1:35330 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35329 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35328 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35327 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35326 <-> DISABLED <-> FILE-OFFICE Microsoft Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35325 <-> ENABLED <-> FILE-OFFICE Microsoft Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35324 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ComboBox field Format action use-after-free attempt (file-pdf.rules)
* 1:35323 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ComboBox field Format action use-after-free attempt (file-pdf.rules)
* 1:35322 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:35321 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:35320 <-> ENABLED <-> FILE-PDF Adobe Reader ToolEventHandler use-after-free attempt (file-pdf.rules)
* 1:35319 <-> ENABLED <-> FILE-PDF Adobe Reader ToolEventHandler use-after-free attempt (file-pdf.rules)
* 1:35318 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
* 1:35317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
* 1:35316 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string EI Plugin updater (blacklist.rules)
* 1:35315 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
* 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules)
* 1:35313 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35312 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection attempt (malware-cnc.rules)
* 1:35311 <-> DISABLED <-> SERVER-WEBAPP Centreon getStats.php command injection attempt (server-webapp.rules)
* 1:35310 <-> DISABLED <-> SERVER-WEBAPP Centreon getStats.php command injection attempt (server-webapp.rules)
* 1:35309 <-> ENABLED <-> FILE-PDF Adobe Reader MakeMeasurement buffer overflow attempt (file-pdf.rules)
* 1:35308 <-> ENABLED <-> FILE-PDF Adobe Reader MakeMeasurement buffer overflow attempt (file-pdf.rules)
* 1:35307 <-> DISABLED <-> SERVER-OTHER OpenSSL alternative chains certificate forgery attempt (server-other.rules)
* 1:35306 <-> ENABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
* 3:35336 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35337 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35338 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35339 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35340 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35341 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35342 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35343 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35347 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified MeetingPlace password change policy bypass attempt (server-webapp.rules)

* 1:35305 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD kernel pool overflow attempt (file-other.rules)
* 1:35115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
* 1:35304 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD kernel pool overflow attempt (file-other.rules)
* 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules)
* 1:35114 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
* 1:28251 <-> DISABLED <-> SERVER-WEBAPP Zabbix httpmon.php SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35307 <-> DISABLED <-> SERVER-OTHER OpenSSL alternative chains certificate forgery attempt (server-other.rules)
* 1:35320 <-> ENABLED <-> FILE-PDF Adobe Reader ToolEventHandler use-after-free attempt (file-pdf.rules)
* 1:35311 <-> DISABLED <-> SERVER-WEBAPP Centreon getStats.php command injection attempt (server-webapp.rules)
* 1:35310 <-> DISABLED <-> SERVER-WEBAPP Centreon getStats.php command injection attempt (server-webapp.rules)
* 1:35313 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35312 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection attempt (malware-cnc.rules)
* 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules)
* 1:35308 <-> ENABLED <-> FILE-PDF Adobe Reader MakeMeasurement buffer overflow attempt (file-pdf.rules)
* 1:35309 <-> ENABLED <-> FILE-PDF Adobe Reader MakeMeasurement buffer overflow attempt (file-pdf.rules)
* 1:35315 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
* 1:35306 <-> ENABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
* 1:35316 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string EI Plugin updater (blacklist.rules)
* 1:35318 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
* 1:35317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
* 1:35319 <-> ENABLED <-> FILE-PDF Adobe Reader ToolEventHandler use-after-free attempt (file-pdf.rules)
* 1:35321 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:35322 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:35323 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ComboBox field Format action use-after-free attempt (file-pdf.rules)
* 1:35324 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ComboBox field Format action use-after-free attempt (file-pdf.rules)
* 1:35325 <-> ENABLED <-> FILE-OFFICE Microsoft Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35326 <-> DISABLED <-> FILE-OFFICE Microsoft Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35327 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35328 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35329 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35330 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35346 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Unicode value memory corruption attempt (file-pdf.rules)
* 1:35345 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Unicode value memory corruption attempt (file-pdf.rules)
* 1:35344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
* 1:35335 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
* 1:35333 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
* 1:35334 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
* 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader format action use after free attempt (file-pdf.rules)
* 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader format action use after free attempt (file-pdf.rules)
* 3:35343 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35338 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35337 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35339 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35340 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35342 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35347 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified MeetingPlace password change policy bypass attempt (server-webapp.rules)
* 3:35341 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35336 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)

* 1:35304 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD kernel pool overflow attempt (file-other.rules)
* 1:35115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
* 1:35114 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
* 1:35305 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD kernel pool overflow attempt (file-other.rules)
* 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules)
* 1:28251 <-> DISABLED <-> SERVER-WEBAPP Zabbix httpmon.php SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35324 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ComboBox field Format action use-after-free attempt (file-pdf.rules)
* 1:35325 <-> ENABLED <-> FILE-OFFICE Microsoft Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35322 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:35345 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Unicode value memory corruption attempt (file-pdf.rules)
* 1:35319 <-> ENABLED <-> FILE-PDF Adobe Reader ToolEventHandler use-after-free attempt (file-pdf.rules)
* 1:35308 <-> ENABLED <-> FILE-PDF Adobe Reader MakeMeasurement buffer overflow attempt (file-pdf.rules)
* 1:35310 <-> DISABLED <-> SERVER-WEBAPP Centreon getStats.php command injection attempt (server-webapp.rules)
* 1:35317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
* 1:35309 <-> ENABLED <-> FILE-PDF Adobe Reader MakeMeasurement buffer overflow attempt (file-pdf.rules)
* 1:35307 <-> DISABLED <-> SERVER-OTHER OpenSSL alternative chains certificate forgery attempt (server-other.rules)
* 1:35320 <-> ENABLED <-> FILE-PDF Adobe Reader ToolEventHandler use-after-free attempt (file-pdf.rules)
* 1:35306 <-> ENABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
* 1:35312 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection attempt (malware-cnc.rules)
* 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules)
* 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader format action use after free attempt (file-pdf.rules)
* 1:35344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
* 1:35315 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
* 1:35316 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string EI Plugin updater (blacklist.rules)
* 1:35318 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
* 1:35334 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
* 1:35311 <-> DISABLED <-> SERVER-WEBAPP Centreon getStats.php command injection attempt (server-webapp.rules)
* 1:35321 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:35323 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ComboBox field Format action use-after-free attempt (file-pdf.rules)
* 1:35333 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
* 1:35335 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
* 1:35313 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35326 <-> DISABLED <-> FILE-OFFICE Microsoft Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35327 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35328 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35329 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35330 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35346 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Unicode value memory corruption attempt (file-pdf.rules)
* 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader format action use after free attempt (file-pdf.rules)
* 3:35339 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35338 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35340 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35343 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35337 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35347 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified MeetingPlace password change policy bypass attempt (server-webapp.rules)
* 3:35336 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35342 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35341 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)

* 1:35305 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD kernel pool overflow attempt (file-other.rules)
* 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules)
* 1:35115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
* 1:35114 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
* 1:28251 <-> DISABLED <-> SERVER-WEBAPP Zabbix httpmon.php SQL injection attempt (server-webapp.rules)
* 1:35304 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD kernel pool overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35310 <-> DISABLED <-> SERVER-WEBAPP Centreon getStats.php command injection attempt (server-webapp.rules)
* 1:35312 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection attempt (malware-cnc.rules)
* 1:35323 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ComboBox field Format action use-after-free attempt (file-pdf.rules)
* 1:35334 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
* 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules)
* 1:35325 <-> ENABLED <-> FILE-OFFICE Microsoft Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35319 <-> ENABLED <-> FILE-PDF Adobe Reader ToolEventHandler use-after-free attempt (file-pdf.rules)
* 1:35329 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35311 <-> DISABLED <-> SERVER-WEBAPP Centreon getStats.php command injection attempt (server-webapp.rules)
* 1:35313 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35324 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ComboBox field Format action use-after-free attempt (file-pdf.rules)
* 1:35345 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Unicode value memory corruption attempt (file-pdf.rules)
* 1:35315 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
* 1:35306 <-> ENABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
* 1:35327 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35309 <-> ENABLED <-> FILE-PDF Adobe Reader MakeMeasurement buffer overflow attempt (file-pdf.rules)
* 1:35307 <-> DISABLED <-> SERVER-OTHER OpenSSL alternative chains certificate forgery attempt (server-other.rules)
* 1:35320 <-> ENABLED <-> FILE-PDF Adobe Reader ToolEventHandler use-after-free attempt (file-pdf.rules)
* 1:35321 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:35316 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string EI Plugin updater (blacklist.rules)
* 1:35308 <-> ENABLED <-> FILE-PDF Adobe Reader MakeMeasurement buffer overflow attempt (file-pdf.rules)
* 1:35326 <-> DISABLED <-> FILE-OFFICE Microsoft Word RTF Control.TaskSymbol.1 heap corruption attempt - Win.Trojan.Sofacy (file-office.rules)
* 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader format action use after free attempt (file-pdf.rules)
* 1:35344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
* 1:35328 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35330 <-> DISABLED <-> BROWSER-PLUGINS Agilent Technologies Feature Extraction ActiveX clsid access attempt (browser-plugins.rules)
* 1:35335 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
* 1:35346 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Unicode value memory corruption attempt (file-pdf.rules)
* 1:35333 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit Flash download attempt (exploit-kit.rules)
* 1:35322 <-> ENABLED <-> FILE-PDF Adobe Reader setTimeOut app.launchURL privilege escalation attempt (file-pdf.rules)
* 1:35318 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
* 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader format action use after free attempt (file-pdf.rules)
* 1:35317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
* 3:35341 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35342 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35347 <-> ENABLED <-> SERVER-WEBAPP Cisco Unified MeetingPlace password change policy bypass attempt (server-webapp.rules)
* 3:35337 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35343 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35340 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35339 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35338 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)
* 3:35336 <-> ENABLED <-> PROTOCOL-TFTP Cisco IOS TFTP server denial of service attempt (protocol-tftp.rules)

* 1:35114 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
* 1:28251 <-> DISABLED <-> SERVER-WEBAPP Zabbix httpmon.php SQL injection attempt (server-webapp.rules)
* 1:34991 <-> ENABLED <-> MALWARE-OTHER Group 6 Adobe Flash exploit download attempt (malware-other.rules)
* 1:35304 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD kernel pool overflow attempt (file-other.rules)
* 1:35115 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer replaceChild function memory corruption attempt (browser-ie.rules)
* 1:35305 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD kernel pool overflow attempt (file-other.rules)