Talos has added and modified multiple rules in the blacklist, browser-firefox, browser-ie, browser-plugins, file-flash, file-identify, file-java, file-office, indicator-scan, malware-cnc, os-mobile and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35436 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35470 <-> ENABLED <-> BLACKLIST DNS request for known malware domain jctj.yongzhe.pw - Win.Trojan.Baisogu (blacklist.rules)
* 1:35465 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35432 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:35435 <-> DISABLED <-> OS-MOBILE Android MP4 buffer overflow attempt (os-mobile.rules)
* 1:35433 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:35467 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35437 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
* 1:35449 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35468 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:35440 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35441 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35442 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35444 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35443 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35445 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35446 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35447 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep variant outbound connection (malware-cnc.rules)
* 1:35450 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35466 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35469 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35471 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
* 1:35472 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
* 1:35460 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules)
* 1:35461 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules)
* 1:35462 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Kazy (blacklist.rules)
* 1:35464 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35463 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35434 <-> DISABLED <-> OS-MOBILE Android MP4 buffer overflow attempt (os-mobile.rules)

* 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
* 1:25355 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
* 1:20722 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:25353 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:16423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect attempt (browser-ie.rules)
* 1:12713 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server pitrig_dropmetadata buffer overflow attempt (server-oracle.rules)
* 1:25354 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:29802 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules)
* 1:29803 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35470 <-> ENABLED <-> BLACKLIST DNS request for known malware domain jctj.yongzhe.pw - Win.Trojan.Baisogu (blacklist.rules)
* 1:35465 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35436 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35433 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:35435 <-> DISABLED <-> OS-MOBILE Android MP4 buffer overflow attempt (os-mobile.rules)
* 1:35432 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:35467 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35437 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
* 1:35468 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:35440 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35441 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35442 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35443 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35444 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35445 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35446 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35447 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep variant outbound connection (malware-cnc.rules)
* 1:35449 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35466 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35469 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35472 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35471 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
* 1:35450 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
* 1:35460 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules)
* 1:35461 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules)
* 1:35462 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Kazy (blacklist.rules)
* 1:35434 <-> DISABLED <-> OS-MOBILE Android MP4 buffer overflow attempt (os-mobile.rules)
* 1:35464 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35463 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)

* 1:20722 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:12713 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server pitrig_dropmetadata buffer overflow attempt (server-oracle.rules)
* 1:16423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect attempt (browser-ie.rules)
* 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
* 1:25353 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:25354 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:25355 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:29802 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules)
* 1:29803 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules)
* 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35435 <-> DISABLED <-> OS-MOBILE Android MP4 buffer overflow attempt (os-mobile.rules)
* 1:35433 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:35432 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:35436 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:35440 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35441 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35442 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35444 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35443 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35445 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35446 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35447 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep variant outbound connection (malware-cnc.rules)
* 1:35449 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35450 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
* 1:35460 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules)
* 1:35461 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules)
* 1:35462 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Kazy (blacklist.rules)
* 1:35434 <-> DISABLED <-> OS-MOBILE Android MP4 buffer overflow attempt (os-mobile.rules)
* 1:35472 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35471 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
* 1:35470 <-> ENABLED <-> BLACKLIST DNS request for known malware domain jctj.yongzhe.pw - Win.Trojan.Baisogu (blacklist.rules)
* 1:35469 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35468 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35437 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
* 1:35467 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35465 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35466 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35464 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35463 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)

* 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)
* 1:25354 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:12713 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server pitrig_dropmetadata buffer overflow attempt (server-oracle.rules)
* 1:16423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect attempt (browser-ie.rules)
* 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
* 1:20722 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:25353 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:29802 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules)
* 1:25355 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:29803 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35472 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35471 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
* 1:35470 <-> ENABLED <-> BLACKLIST DNS request for known malware domain jctj.yongzhe.pw - Win.Trojan.Baisogu (blacklist.rules)
* 1:35469 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35468 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35467 <-> ENABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35466 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35465 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35464 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35463 <-> ENABLED <-> FILE-FLASH Adobe flash player BitmapData.paletteMap use after free attempt (file-flash.rules)
* 1:35462 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Trojan.Kazy (blacklist.rules)
* 1:35461 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules)
* 1:35460 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallWrapper error handling code execution attempt (browser-firefox.rules)
* 1:35459 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file download request (file-identify.rules)
* 1:35458 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35457 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35456 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file attachment detected (file-identify.rules)
* 1:35455 <-> ENABLED <-> FILE-IDENTIFY Adobe LZMA compressed Flash file magic detected (file-identify.rules)
* 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35450 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35449 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
* 1:35448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep variant outbound connection (malware-cnc.rules)
* 1:35447 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35446 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35445 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35444 <-> DISABLED <-> BROWSER-PLUGINS Oracle Data Quality LoaderWizard DataPreview type confusion attempt (browser-plugins.rules)
* 1:35443 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35442 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35441 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35440 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35439 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:35438 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt (browser-firefox.rules)
* 1:35437 <-> ENABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
* 1:35436 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35435 <-> DISABLED <-> OS-MOBILE Android MP4 buffer overflow attempt (os-mobile.rules)
* 1:35434 <-> DISABLED <-> OS-MOBILE Android MP4 buffer overflow attempt (os-mobile.rules)
* 1:35433 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)
* 1:35432 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules)

* 1:12713 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server pitrig_dropmetadata buffer overflow attempt (server-oracle.rules)
* 1:16423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect attempt (browser-ie.rules)
* 1:19559 <-> DISABLED <-> INDICATOR-SCAN SSH brute force login attempt (indicator-scan.rules)
* 1:20722 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:25353 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:25354 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:25355 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:29802 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules)
* 1:29803 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 deleted object access via timer memory corruption attempt (browser-ie.rules)
* 1:34623 <-> DISABLED <-> SERVER-WEBAPP PHP unserialize function integer overflow attempt (server-webapp.rules)