Talos has added and modified multiple rules in the blacklist, browser-ie, browser-plugins, exploit-kit, file-flash, malware-cnc and server-other rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36489 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules)
* 1:36460 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
* 1:36463 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server opcode 1332 buffer overflow attempt (server-other.rules)
* 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules)
* 1:36492 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules)
* 1:36494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
* 1:36469 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36465 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yalladesign.net - Win.Trojan.AridViper (blacklist.rules)
* 1:36467 <-> ENABLED <-> BLACKLIST DNS request for known malware domain smilydesign.com - Win.Trojan.AridViper (blacklist.rules)
* 1:36468 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36464 <-> ENABLED <-> BLACKLIST DNS request for known malware domain oowdesign.com - Win.Trojan.AridViper (blacklist.rules)
* 1:36485 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36466 <-> ENABLED <-> BLACKLIST DNS request for known malware domain coldydesign.com - Win.Trojan.AridViper (blacklist.rules)
* 1:36491 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36470 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kemoge.net - Kemoge (blacklist.rules)
* 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection attempt (malware-cnc.rules)
* 1:36472 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36473 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36474 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36475 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36484 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36490 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36480 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36481 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36486 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36483 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36482 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36488 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36487 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules)

* 1:23375 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules)
* 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
* 1:23373 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules)
* 1:36460 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
* 1:36492 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules)
* 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules)
* 1:36494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
* 1:36469 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36467 <-> ENABLED <-> BLACKLIST DNS request for known malware domain smilydesign.com - Win.Trojan.AridViper (blacklist.rules)
* 1:36468 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36465 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yalladesign.net - Win.Trojan.AridViper (blacklist.rules)
* 1:36464 <-> ENABLED <-> BLACKLIST DNS request for known malware domain oowdesign.com - Win.Trojan.AridViper (blacklist.rules)
* 1:36490 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36491 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36481 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36463 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server opcode 1332 buffer overflow attempt (server-other.rules)
* 1:36489 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36466 <-> ENABLED <-> BLACKLIST DNS request for known malware domain coldydesign.com - Win.Trojan.AridViper (blacklist.rules)
* 1:36470 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kemoge.net - Kemoge (blacklist.rules)
* 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection attempt (malware-cnc.rules)
* 1:36472 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36473 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36474 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36475 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36480 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36482 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36483 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36484 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36486 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36485 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules)
* 1:36487 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36488 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)

* 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules)
* 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:23373 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
* 1:23375 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36469 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36467 <-> ENABLED <-> BLACKLIST DNS request for known malware domain smilydesign.com - Win.Trojan.AridViper (blacklist.rules)
* 1:36468 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36465 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yalladesign.net - Win.Trojan.AridViper (blacklist.rules)
* 1:36464 <-> ENABLED <-> BLACKLIST DNS request for known malware domain oowdesign.com - Win.Trojan.AridViper (blacklist.rules)
* 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules)
* 1:36460 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
* 1:36463 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server opcode 1332 buffer overflow attempt (server-other.rules)
* 1:36466 <-> ENABLED <-> BLACKLIST DNS request for known malware domain coldydesign.com - Win.Trojan.AridViper (blacklist.rules)
* 1:36470 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kemoge.net - Kemoge (blacklist.rules)
* 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection attempt (malware-cnc.rules)
* 1:36472 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36473 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36474 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36475 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36480 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36481 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36482 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36483 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36484 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36485 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36486 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
* 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules)
* 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules)
* 1:36492 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules)
* 1:36491 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36490 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36489 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36488 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36487 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)

* 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules)
* 1:23375 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:23373 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:36494 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
* 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules)
* 1:36492 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit gate detected (exploit-kit.rules)
* 1:36491 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36490 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36489 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36488 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36487 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36486 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36485 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36484 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36483 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36482 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36481 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36480 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36479 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36477 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36476 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same orgin policy bypass attempt (file-flash.rules)
* 1:36475 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36474 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36473 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36472 <-> DISABLED <-> BROWSER-PLUGINS Advantech WebAccess AspVCObj.AspDataDriven ConvToSafeArray ActiveX clsid access attempt (browser-plugins.rules)
* 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection attempt (malware-cnc.rules)
* 1:36470 <-> ENABLED <-> BLACKLIST DNS request for known malware domain kemoge.net - Kemoge (blacklist.rules)
* 1:36469 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36468 <-> ENABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36467 <-> ENABLED <-> BLACKLIST DNS request for known malware domain smilydesign.com - Win.Trojan.AridViper (blacklist.rules)
* 1:36466 <-> ENABLED <-> BLACKLIST DNS request for known malware domain coldydesign.com - Win.Trojan.AridViper (blacklist.rules)
* 1:36465 <-> ENABLED <-> BLACKLIST DNS request for known malware domain yalladesign.net - Win.Trojan.AridViper (blacklist.rules)
* 1:36464 <-> ENABLED <-> BLACKLIST DNS request for known malware domain oowdesign.com - Win.Trojan.AridViper (blacklist.rules)
* 1:36463 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server opcode 1332 buffer overflow attempt (server-other.rules)
* 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules)
* 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules)
* 1:36460 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)

* 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules)
* 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:23373 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:23375 <-> DISABLED <-> BROWSER-PLUGINS Schneider Electric TeeChart ActiveX clsid access attempt (browser-plugins.rules)
* 1:36241 <-> ENABLED <-> MALWARE-OTHER self-signed SSL certificate transfer for EXEPROXY attempt (malware-other.rules)