Talos has added and modified multiple rules in the blacklist, browser-ie, file-flash, file-identify, file-other, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36280 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36279 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36278 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36277 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36276 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36275 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36274 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vincenzo-sorelli.com - Win.Trojan.Corebot (blacklist.rules)
* 1:36273 <-> ENABLED <-> BLACKLIST DNS request for known malware domain arijoputane.com - Win.Trojan.Corebot (blacklist.rules)
* 1:36272 <-> ENABLED <-> SERVER-WEBAPP GE MDS PulseNet hidden credentials authentication attempt (server-webapp.rules)
* 1:36271 <-> ENABLED <-> FILE-OTHER Windows Media Player mcl remote file execution attempt (file-other.rules)
* 1:36270 <-> DISABLED <-> SERVER-WEBAPP Centreon main.php command injection attempt (server-webapp.rules)
* 1:36269 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36268 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36267 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36262 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules)
* 1:36261 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules)
* 1:36260 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36259 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36258 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36257 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:36255 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway POST vulnerability attempt (server-webapp.rules)
* 1:36254 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway GET vulnerability attempt (server-webapp.rules)

* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules)
* 1:15870 <-> DISABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
* 1:15945 <-> DISABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
* 1:17739 <-> DISABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
* 1:34398 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
* 1:20975 <-> DISABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
* 1:21016 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
* 1:21017 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
* 1:21701 <-> DISABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:21702 <-> DISABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:34397 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
* 1:21703 <-> DISABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21704 <-> DISABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21915 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21916 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:34396 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:22985 <-> DISABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:22986 <-> DISABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:23487 <-> DISABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:23488 <-> DISABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:34395 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:23497 <-> DISABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23498 <-> DISABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:31635 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer margin overflow use after free attempt (browser-ie.rules)
* 1:31634 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer margin overflow use after free attempt (browser-ie.rules)
* 1:29548 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway POST vulnerability attempt (server-webapp.rules)
* 1:27276 <-> DISABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
* 1:29547 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway GET vulnerability attempt (server-webapp.rules)
* 1:24599 <-> DISABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
* 1:27275 <-> DISABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36278 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36279 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36280 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36259 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36254 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway GET vulnerability attempt (server-webapp.rules)
* 1:36255 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway POST vulnerability attempt (server-webapp.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:36257 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36258 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36260 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36261 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules)
* 1:36262 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules)
* 1:36263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36269 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36267 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36268 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36272 <-> ENABLED <-> SERVER-WEBAPP GE MDS PulseNet hidden credentials authentication attempt (server-webapp.rules)
* 1:36270 <-> DISABLED <-> SERVER-WEBAPP Centreon main.php command injection attempt (server-webapp.rules)
* 1:36273 <-> ENABLED <-> BLACKLIST DNS request for known malware domain arijoputane.com - Win.Trojan.Corebot (blacklist.rules)
* 1:36274 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vincenzo-sorelli.com - Win.Trojan.Corebot (blacklist.rules)
* 1:36276 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36275 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36277 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36271 <-> ENABLED <-> FILE-OTHER Windows Media Player mcl remote file execution attempt (file-other.rules)

* 1:27276 <-> DISABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
* 1:29547 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway GET vulnerability attempt (server-webapp.rules)
* 1:34398 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
* 1:34397 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
* 1:34396 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:34395 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:31634 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer margin overflow use after free attempt (browser-ie.rules)
* 1:31635 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer margin overflow use after free attempt (browser-ie.rules)
* 1:29548 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway POST vulnerability attempt (server-webapp.rules)
* 1:23498 <-> DISABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:15870 <-> DISABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
* 1:17739 <-> DISABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
* 1:20975 <-> DISABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
* 1:21016 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
* 1:21017 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
* 1:15945 <-> DISABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
* 1:21702 <-> DISABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:21703 <-> DISABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21704 <-> DISABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21915 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21701 <-> DISABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:22985 <-> DISABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:21916 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules)
* 1:22986 <-> DISABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:23487 <-> DISABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:23497 <-> DISABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23488 <-> DISABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:24599 <-> DISABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
* 1:27275 <-> DISABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36280 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36255 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway POST vulnerability attempt (server-webapp.rules)
* 1:36257 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36254 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway GET vulnerability attempt (server-webapp.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:36279 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36259 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36260 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36261 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules)
* 1:36262 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules)
* 1:36263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36269 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36267 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36268 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36271 <-> ENABLED <-> FILE-OTHER Windows Media Player mcl remote file execution attempt (file-other.rules)
* 1:36270 <-> DISABLED <-> SERVER-WEBAPP Centreon main.php command injection attempt (server-webapp.rules)
* 1:36273 <-> ENABLED <-> BLACKLIST DNS request for known malware domain arijoputane.com - Win.Trojan.Corebot (blacklist.rules)
* 1:36272 <-> ENABLED <-> SERVER-WEBAPP GE MDS PulseNet hidden credentials authentication attempt (server-webapp.rules)
* 1:36274 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vincenzo-sorelli.com - Win.Trojan.Corebot (blacklist.rules)
* 1:36276 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36258 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36278 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36275 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36277 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)

* 1:29548 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway POST vulnerability attempt (server-webapp.rules)
* 1:31634 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer margin overflow use after free attempt (browser-ie.rules)
* 1:27276 <-> DISABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
* 1:29547 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway GET vulnerability attempt (server-webapp.rules)
* 1:34395 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules)
* 1:34398 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
* 1:34396 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:34397 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
* 1:23497 <-> DISABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:31635 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer margin overflow use after free attempt (browser-ie.rules)
* 1:23488 <-> DISABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:15870 <-> DISABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
* 1:15945 <-> DISABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
* 1:17739 <-> DISABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
* 1:20975 <-> DISABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
* 1:21017 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
* 1:21701 <-> DISABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:21702 <-> DISABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:21703 <-> DISABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21016 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
* 1:21915 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21704 <-> DISABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:22985 <-> DISABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:21916 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:22986 <-> DISABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:23498 <-> DISABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23487 <-> DISABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:27275 <-> DISABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
* 1:24599 <-> DISABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36279 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36259 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36280 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36254 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway GET vulnerability attempt (server-webapp.rules)
* 1:36257 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
* 1:36261 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules)
* 1:36262 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules)
* 1:36263 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36264 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36269 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36265 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36266 <-> ENABLED <-> FILE-FLASH Adobe Flash Player URLStreamObject out of bounds read attempt (file-flash.rules)
* 1:36267 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36268 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36278 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)
* 1:36271 <-> ENABLED <-> FILE-OTHER Windows Media Player mcl remote file execution attempt (file-other.rules)
* 1:36270 <-> DISABLED <-> SERVER-WEBAPP Centreon main.php command injection attempt (server-webapp.rules)
* 1:36273 <-> ENABLED <-> BLACKLIST DNS request for known malware domain arijoputane.com - Win.Trojan.Corebot (blacklist.rules)
* 1:36272 <-> ENABLED <-> SERVER-WEBAPP GE MDS PulseNet hidden credentials authentication attempt (server-webapp.rules)
* 1:36255 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway POST vulnerability attempt (server-webapp.rules)
* 1:36274 <-> ENABLED <-> BLACKLIST DNS request for known malware domain vincenzo-sorelli.com - Win.Trojan.Corebot (blacklist.rules)
* 1:36275 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36276 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36260 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36258 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray writeByte buffer overflow attempt (file-flash.rules)
* 1:36277 <-> ENABLED <-> FILE-FLASH Adobe Flash Player diplayAsPassword information disclosure attempt (file-flash.rules)

* 1:29548 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway POST vulnerability attempt (server-webapp.rules)
* 1:31634 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer margin overflow use after free attempt (browser-ie.rules)
* 1:31635 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer margin overflow use after free attempt (browser-ie.rules)
* 1:22985 <-> DISABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:29547 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Focal Point webservice Axis Gateway GET vulnerability attempt (server-webapp.rules)
* 1:27276 <-> DISABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
* 1:34395 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules)
* 1:34398 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file download attempt (file-identify.rules)
* 1:34397 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file download request (file-identify.rules)
* 1:34396 <-> DISABLED <-> FILE-IDENTIFY Microsoft Journal file attachment detected (file-identify.rules)
* 1:21702 <-> DISABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:23498 <-> DISABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:23497 <-> DISABLED <-> FILE-IDENTIFY CUR file attachment detected (file-identify.rules)
* 1:15870 <-> DISABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules)
* 1:15945 <-> DISABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules)
* 1:20975 <-> DISABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules)
* 1:21016 <-> DISABLED <-> FILE-IDENTIFY Cytel Studio cyb file attachment detected (file-identify.rules)
* 1:21017 <-> DISABLED <-> FILE-IDENTIFY cyb Cytel Studio file attachment detected (file-identify.rules)
* 1:21701 <-> DISABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules)
* 1:17739 <-> DISABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules)
* 1:21704 <-> DISABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21703 <-> DISABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules)
* 1:21916 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21915 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:22986 <-> DISABLED <-> FILE-IDENTIFY 3G2 file attachment detected (file-identify.rules)
* 1:23487 <-> DISABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)
* 1:24599 <-> DISABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules)
* 1:27275 <-> DISABLED <-> FILE-IDENTIFY Trimble SketchUp file attachment detected (file-identify.rules)
* 1:23488 <-> DISABLED <-> FILE-IDENTIFY JOB file attachment detected (file-identify.rules)