Talos has added and modified multiple rules in the blacklist, browser-plugins, file-flash, file-image, file-pdf, malware-backdoor and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35348 <-> ENABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
* 1:35369 <-> ENABLED <-> BLACKLIST DNS request for known malware domain domain.gokickes.com - Win.Backdoor.Bimteni (blacklist.rules)
* 1:35366 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35359 <-> DISABLED <-> SERVER-WEBAPP Cacti selected_items SQL injection attempt (server-webapp.rules)
* 1:35380 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35381 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35360 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35357 <-> DISABLED <-> SERVER-WEBAPP AirLink101 SkyIPCam snwrite.cgi command injection attempt (server-webapp.rules)
* 1:35353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
* 1:35376 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35378 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35377 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35373 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35368 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bbs.gokickes.com - Win.Backdoor.Bimteni (blacklist.rules)
* 1:35358 <-> DISABLED <-> SERVER-WEBAPP Wordpress RightNow theme file upload attempt (server-webapp.rules)
* 1:35363 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35383 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
* 1:35379 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35362 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35382 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35350 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35349 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35365 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35364 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35370 <-> ENABLED <-> BLACKLIST DNS request for known malware domain img.lifesolves.com - Win.Backdoor.Bimteni (blacklist.rules)
* 1:35371 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Bimteni variant initial outbound connection (malware-backdoor.rules)
* 1:35372 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35374 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35375 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35356 <-> DISABLED <-> SERVER-WEBAPP AirLink101 SkyIPCam snwrite.cgi command injection attempt (server-webapp.rules)
* 1:35354 <-> DISABLED <-> SERVER-WEBAPP Cacti graphs local_graph_id SQL injection attempt (server-webapp.rules)
* 1:35361 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35351 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35352 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:24044 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24041 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfi variant outbound connection (malware-cnc.rules)
* 1:24039 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call access (browser-plugins.rules)
* 1:24043 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24040 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24042 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:21064 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:21063 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35354 <-> DISABLED <-> SERVER-WEBAPP Cacti graphs local_graph_id SQL injection attempt (server-webapp.rules)
* 1:35353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
* 1:35378 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35376 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35377 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35373 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35368 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bbs.gokickes.com - Win.Backdoor.Bimteni (blacklist.rules)
* 1:35363 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35358 <-> DISABLED <-> SERVER-WEBAPP Wordpress RightNow theme file upload attempt (server-webapp.rules)
* 1:35369 <-> ENABLED <-> BLACKLIST DNS request for known malware domain domain.gokickes.com - Win.Backdoor.Bimteni (blacklist.rules)
* 1:35375 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35382 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35383 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35381 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
* 1:35349 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35380 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35350 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35357 <-> DISABLED <-> SERVER-WEBAPP AirLink101 SkyIPCam snwrite.cgi command injection attempt (server-webapp.rules)
* 1:35356 <-> DISABLED <-> SERVER-WEBAPP AirLink101 SkyIPCam snwrite.cgi command injection attempt (server-webapp.rules)
* 1:35360 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35359 <-> DISABLED <-> SERVER-WEBAPP Cacti selected_items SQL injection attempt (server-webapp.rules)
* 1:35361 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35364 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35362 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35365 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35366 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35352 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35370 <-> ENABLED <-> BLACKLIST DNS request for known malware domain img.lifesolves.com - Win.Backdoor.Bimteni (blacklist.rules)
* 1:35371 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Bimteni variant initial outbound connection (malware-backdoor.rules)
* 1:35372 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35374 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35351 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35379 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35348 <-> ENABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
* 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:24041 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfi variant outbound connection (malware-cnc.rules)
* 1:24043 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24044 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24040 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24042 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24039 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call access (browser-plugins.rules)
* 1:21063 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:21064 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35378 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35376 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35377 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35373 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35368 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bbs.gokickes.com - Win.Backdoor.Bimteni (blacklist.rules)
* 1:35363 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35358 <-> DISABLED <-> SERVER-WEBAPP Wordpress RightNow theme file upload attempt (server-webapp.rules)
* 1:35352 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35354 <-> DISABLED <-> SERVER-WEBAPP Cacti graphs local_graph_id SQL injection attempt (server-webapp.rules)
* 1:35356 <-> DISABLED <-> SERVER-WEBAPP AirLink101 SkyIPCam snwrite.cgi command injection attempt (server-webapp.rules)
* 1:35357 <-> DISABLED <-> SERVER-WEBAPP AirLink101 SkyIPCam snwrite.cgi command injection attempt (server-webapp.rules)
* 1:35359 <-> DISABLED <-> SERVER-WEBAPP Cacti selected_items SQL injection attempt (server-webapp.rules)
* 1:35360 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35361 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35362 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35364 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35365 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35366 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35369 <-> ENABLED <-> BLACKLIST DNS request for known malware domain domain.gokickes.com - Win.Backdoor.Bimteni (blacklist.rules)
* 1:35370 <-> ENABLED <-> BLACKLIST DNS request for known malware domain img.lifesolves.com - Win.Backdoor.Bimteni (blacklist.rules)
* 1:35371 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Bimteni variant initial outbound connection (malware-backdoor.rules)
* 1:35372 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35374 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35375 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
* 1:35383 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35382 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
* 1:35381 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35380 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35349 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35350 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35379 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35348 <-> ENABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
* 1:35351 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:24044 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfi variant outbound connection (malware-cnc.rules)
* 1:24042 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24043 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24040 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24041 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:21064 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24039 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call access (browser-plugins.rules)
* 1:21063 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35383 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35382 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35381 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35380 <-> ENABLED <-> FILE-PDF Adobe Reader javascript setExportValues field object use after free attempt (file-pdf.rules)
* 1:35379 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35378 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35377 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35376 <-> ENABLED <-> FILE-FLASH Adobe Flash Player cross-site file download attempt (file-flash.rules)
* 1:35375 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35374 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35373 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35372 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35371 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Bimteni variant initial outbound connection (malware-backdoor.rules)
* 1:35370 <-> ENABLED <-> BLACKLIST DNS request for known malware domain img.lifesolves.com - Win.Backdoor.Bimteni (blacklist.rules)
* 1:35369 <-> ENABLED <-> BLACKLIST DNS request for known malware domain domain.gokickes.com - Win.Backdoor.Bimteni (blacklist.rules)
* 1:35368 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bbs.gokickes.com - Win.Backdoor.Bimteni (blacklist.rules)
* 1:35367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35366 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35365 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35364 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35363 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35362 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35361 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35360 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader DC TIFF orientation heap buffer overflow attempt (file-image.rules)
* 1:35359 <-> DISABLED <-> SERVER-WEBAPP Cacti selected_items SQL injection attempt (server-webapp.rules)
* 1:35358 <-> DISABLED <-> SERVER-WEBAPP Wordpress RightNow theme file upload attempt (server-webapp.rules)
* 1:35357 <-> DISABLED <-> SERVER-WEBAPP AirLink101 SkyIPCam snwrite.cgi command injection attempt (server-webapp.rules)
* 1:35356 <-> DISABLED <-> SERVER-WEBAPP AirLink101 SkyIPCam snwrite.cgi command injection attempt (server-webapp.rules)
* 1:35355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
* 1:35354 <-> DISABLED <-> SERVER-WEBAPP Cacti graphs local_graph_id SQL injection attempt (server-webapp.rules)
* 1:35353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
* 1:35352 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35351 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35350 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35349 <-> DISABLED <-> BROWSER-PLUGINS Oracle DcsXB onloadstatechange ActiveX clsid access attempt (browser-plugins.rules)
* 1:35348 <-> ENABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
* 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfi variant outbound connection (malware-cnc.rules)
* 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:24043 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24044 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24041 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24042 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:24039 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call access (browser-plugins.rules)
* 1:24040 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:21063 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)
* 1:21064 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access attempt (browser-plugins.rules)