Talos has added and modified multiple rules in the blacklist, browser-chrome, browser-plugins, file-multimedia, file-pdf, malware-backdoor, malware-cnc, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
* 1:35390 <-> ENABLED <-> BLACKLIST DNS request for known malware domain golemerix.com - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35392 <-> ENABLED <-> BLACKLIST DNS request for known malware domain loawelis.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:35391 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bokepros.net - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection attempt (malware-cnc.rules)
* 1:35389 <-> ENABLED <-> BLACKLIST DNS request for known malware domain poletaute.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection attempt (malware-cnc.rules)
* 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
* 1:35410 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules)
* 1:35385 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
* 1:35393 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac self-signed certificate (malware-cnc.rules)
* 1:35394 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
* 1:35395 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35396 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35397 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35398 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35399 <-> DISABLED <-> SERVER-WEBAPP WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt (server-webapp.rules)
* 1:35400 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
* 1:35401 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35403 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35402 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35404 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules)
* 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules)
* 1:35407 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35408 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35409 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35416 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
* 1:35388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
* 1:35415 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
* 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:30792 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30791 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:30790 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30793 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35391 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bokepros.net - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:35390 <-> ENABLED <-> BLACKLIST DNS request for known malware domain golemerix.com - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35389 <-> ENABLED <-> BLACKLIST DNS request for known malware domain poletaute.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection attempt (malware-cnc.rules)
* 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection attempt (malware-cnc.rules)
* 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:35392 <-> ENABLED <-> BLACKLIST DNS request for known malware domain loawelis.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules)
* 1:35385 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
* 1:35393 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac self-signed certificate (malware-cnc.rules)
* 1:35394 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
* 1:35395 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35396 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35398 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35397 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35399 <-> DISABLED <-> SERVER-WEBAPP WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt (server-webapp.rules)
* 1:35400 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
* 1:35401 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35403 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35402 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35404 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules)
* 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules)
* 1:35408 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35407 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35410 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35409 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
* 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
* 1:35416 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
* 1:35415 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
* 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
* 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:30791 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30790 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30792 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30793 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection attempt (malware-cnc.rules)
* 1:35389 <-> ENABLED <-> BLACKLIST DNS request for known malware domain poletaute.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection attempt (malware-cnc.rules)
* 1:35390 <-> ENABLED <-> BLACKLIST DNS request for known malware domain golemerix.com - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35392 <-> ENABLED <-> BLACKLIST DNS request for known malware domain loawelis.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules)
* 1:35385 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
* 1:35393 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac self-signed certificate (malware-cnc.rules)
* 1:35394 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
* 1:35395 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35396 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35398 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35397 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35399 <-> DISABLED <-> SERVER-WEBAPP WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt (server-webapp.rules)
* 1:35400 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
* 1:35401 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35403 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35402 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35404 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules)
* 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules)
* 1:35408 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35407 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35409 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35410 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
* 1:35388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
* 1:35416 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
* 1:35415 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
* 1:35391 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bokepros.net - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
* 1:30793 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:30790 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30791 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30792 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35416 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
* 1:35415 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
* 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:35412 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
* 1:35411 <-> DISABLED <-> BROWSER-CHROME Google Chrome XSSAuditor Policy ByPass command injection attempt (browser-chrome.rules)
* 1:35410 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35409 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35408 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35407 <-> ENABLED <-> FILE-PDF Adobe Reader setItems use-after-free attempt (file-pdf.rules)
* 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules)
* 1:35405 <-> DISABLED <-> SERVER-OTHER HP Release Control authenticated privilege escalation attempt (server-other.rules)
* 1:35404 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35403 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35402 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35401 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality Postcard PreviewInt onclose untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35400 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
* 1:35399 <-> DISABLED <-> SERVER-WEBAPP WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt (server-webapp.rules)
* 1:35398 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35397 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35396 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35395 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality DateTimeWrapper onchange untrusted pointer dereference attempt (browser-plugins.rules)
* 1:35394 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
* 1:35393 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac self-signed certificate (malware-cnc.rules)
* 1:35392 <-> ENABLED <-> BLACKLIST DNS request for known malware domain loawelis.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35391 <-> ENABLED <-> BLACKLIST DNS request for known malware domain bokepros.net - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35390 <-> ENABLED <-> BLACKLIST DNS request for known malware domain golemerix.com - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35389 <-> ENABLED <-> BLACKLIST DNS request for known malware domain poletaute.org - Win.Trojan.TorrentLocker/Teerac (blacklist.rules)
* 1:35388 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
* 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection attempt (malware-cnc.rules)
* 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection attempt (malware-cnc.rules)
* 1:35385 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
* 1:35384 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nicabown variant outbound connection (malware-backdoor.rules)
* 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:30790 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30791 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30792 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30793 <-> ENABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:35331 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)
* 1:35332 <-> DISABLED <-> FILE-PDF Adobe Reader PDF document closed prior to javascript termination use after free attempt (file-pdf.rules)