Talos has added and modified multiple rules in the exploit-kit, file-image, file-office, file-pdf, malware-cnc, malware-other, os-windows, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39077 <-> ENABLED <-> FILE-PDF Adobe Reader XFA API preOpen use after free attempt (file-pdf.rules)
* 1:39095 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39093 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39075 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi raddb config injection attempt (server-webapp.rules)
* 1:39091 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39090 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39109 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
* 1:39098 <-> ENABLED <-> FILE-PDF Adobe Reader double memory free call remote code execution attempt (file-pdf.rules)
* 1:39087 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39086 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection attempt (malware-cnc.rules)
* 1:39099 <-> ENABLED <-> FILE-PDF Adobe Reader double memory free call remote code execution attempt (file-pdf.rules)
* 1:39089 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39088 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39097 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39094 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39076 <-> ENABLED <-> FILE-PDF Adobe Reader XFA API preOpen use after free attempt (file-pdf.rules)
* 1:39092 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection attempt (malware-cnc.rules)
* 1:39103 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:39101 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39071 <-> DISABLED <-> SERVER-OTHER Aruba Networks IAP PAPI authentication bypass attempt (server-other.rules)
* 1:39108 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
* 1:39073 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi command injection attempt (server-webapp.rules)
* 1:39070 <-> ENABLED <-> SERVER-WEBAPP Dlink local file disclosure attempt (server-webapp.rules)
* 1:39072 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP insecure disclosure of environment variables attempt (server-webapp.rules)
* 1:39081 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit Flash exploit download attempt (exploit-kit.rules)
* 1:39096 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39100 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39104 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
* 1:39085 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection attempt (malware-cnc.rules)
* 1:39105 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39074 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi command injection attempt (server-webapp.rules)
* 1:39106 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
* 1:39107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
* 1:39102 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 3:39078 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0167 attack attempt (os-windows.rules)
* 3:39079 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0167 attack attempt (os-windows.rules)
* 3:39082 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 3:39083 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 1:20099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
* 1:38445 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38448 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38451 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38450 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38444 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38443 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38441 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38442 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:24804 <-> DISABLED <-> SERVER-WEBAPP Invision IP Board PHP unserialize code execution attempt (server-webapp.rules)
* 1:38449 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 3:35689 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-CAN-0035 attack attempt (protocol-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
* 1:39093 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39092 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39088 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39085 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection attempt (malware-cnc.rules)
* 1:39081 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit Flash exploit download attempt (exploit-kit.rules)
* 1:39073 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi command injection attempt (server-webapp.rules)
* 1:39070 <-> ENABLED <-> SERVER-WEBAPP Dlink local file disclosure attempt (server-webapp.rules)
* 1:39072 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP insecure disclosure of environment variables attempt (server-webapp.rules)
* 1:39109 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
* 1:39077 <-> ENABLED <-> FILE-PDF Adobe Reader XFA API preOpen use after free attempt (file-pdf.rules)
* 1:39096 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39101 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39071 <-> DISABLED <-> SERVER-OTHER Aruba Networks IAP PAPI authentication bypass attempt (server-other.rules)
* 1:39076 <-> ENABLED <-> FILE-PDF Adobe Reader XFA API preOpen use after free attempt (file-pdf.rules)
* 1:39108 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
* 1:39099 <-> ENABLED <-> FILE-PDF Adobe Reader double memory free call remote code execution attempt (file-pdf.rules)
* 1:39100 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39098 <-> ENABLED <-> FILE-PDF Adobe Reader double memory free call remote code execution attempt (file-pdf.rules)
* 1:39097 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection attempt (malware-cnc.rules)
* 1:39087 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39086 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection attempt (malware-cnc.rules)
* 1:39090 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39089 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39091 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39094 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39095 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39075 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi raddb config injection attempt (server-webapp.rules)
* 1:39103 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:39102 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:39074 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi command injection attempt (server-webapp.rules)
* 1:39105 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39106 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
* 1:39104 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
* 3:39078 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0167 attack attempt (os-windows.rules)
* 3:39079 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0167 attack attempt (os-windows.rules)
* 3:39082 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 3:39083 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 1:20099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
* 1:38451 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38449 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38444 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38450 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38443 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38441 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38442 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38445 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:24804 <-> DISABLED <-> SERVER-WEBAPP Invision IP Board PHP unserialize code execution attempt (server-webapp.rules)
* 1:38448 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 3:35689 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-CAN-0035 attack attempt (protocol-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39077 <-> ENABLED <-> FILE-PDF Adobe Reader XFA API preOpen use after free attempt (file-pdf.rules)
* 1:39075 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi raddb config injection attempt (server-webapp.rules)
* 1:39076 <-> ENABLED <-> FILE-PDF Adobe Reader XFA API preOpen use after free attempt (file-pdf.rules)
* 1:39081 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit Flash exploit download attempt (exploit-kit.rules)
* 1:39084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection attempt (malware-cnc.rules)
* 1:39085 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection attempt (malware-cnc.rules)
* 1:39086 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection attempt (malware-cnc.rules)
* 1:39087 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39088 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39089 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39090 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39092 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39091 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39093 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39094 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39095 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39097 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39096 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39098 <-> ENABLED <-> FILE-PDF Adobe Reader double memory free call remote code execution attempt (file-pdf.rules)
* 1:39099 <-> ENABLED <-> FILE-PDF Adobe Reader double memory free call remote code execution attempt (file-pdf.rules)
* 1:39100 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39102 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:39101 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39103 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:39104 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39109 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
* 1:39108 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
* 1:39073 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi command injection attempt (server-webapp.rules)
* 1:39072 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP insecure disclosure of environment variables attempt (server-webapp.rules)
* 1:39070 <-> ENABLED <-> SERVER-WEBAPP Dlink local file disclosure attempt (server-webapp.rules)
* 1:39071 <-> DISABLED <-> SERVER-OTHER Aruba Networks IAP PAPI authentication bypass attempt (server-other.rules)
* 1:39107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
* 1:39074 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi command injection attempt (server-webapp.rules)
* 1:39106 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
* 1:39105 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
* 3:39078 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0167 attack attempt (os-windows.rules)
* 3:39079 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0167 attack attempt (os-windows.rules)
* 3:39082 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 3:39083 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 1:38451 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38449 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38445 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38450 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38444 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38443 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38442 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38441 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:20099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
* 1:24804 <-> DISABLED <-> SERVER-WEBAPP Invision IP Board PHP unserialize code execution attempt (server-webapp.rules)
* 1:38448 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 3:35689 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-CAN-0035 attack attempt (protocol-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:39109 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
* 1:39108 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules)
* 1:39107 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
* 1:39106 <-> ENABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
* 1:39105 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39104 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39103 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:39102 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded JPEG memory corruption attempt (file-pdf.rules)
* 1:39101 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39100 <-> DISABLED <-> FILE-PDF Adobe Reader Universal 3D engine out of bounds memory access violation attempt (file-pdf.rules)
* 1:39099 <-> ENABLED <-> FILE-PDF Adobe Reader double memory free call remote code execution attempt (file-pdf.rules)
* 1:39098 <-> ENABLED <-> FILE-PDF Adobe Reader double memory free call remote code execution attempt (file-pdf.rules)
* 1:39097 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39096 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39095 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39094 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39093 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39092 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39091 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39090 <-> ENABLED <-> FILE-IMAGE ImageMagick and GraphicsMagick OpenBlob command injection attempt (file-image.rules)
* 1:39089 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39088 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39087 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Testing Suite arbitrary file read attempt (server-webapp.rules)
* 1:39086 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection attempt (malware-cnc.rules)
* 1:39085 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection attempt (malware-cnc.rules)
* 1:39084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection attempt (malware-cnc.rules)
* 1:39081 <-> DISABLED <-> EXPLOIT-KIT Neutrino Exploit Kit Flash exploit download attempt (exploit-kit.rules)
* 1:39080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
* 1:39077 <-> ENABLED <-> FILE-PDF Adobe Reader XFA API preOpen use after free attempt (file-pdf.rules)
* 1:39076 <-> ENABLED <-> FILE-PDF Adobe Reader XFA API preOpen use after free attempt (file-pdf.rules)
* 1:39075 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi raddb config injection attempt (server-webapp.rules)
* 1:39074 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi command injection attempt (server-webapp.rules)
* 1:39073 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP swarm.cgi command injection attempt (server-webapp.rules)
* 1:39072 <-> DISABLED <-> SERVER-WEBAPP Aruba Networks IAP insecure disclosure of environment variables attempt (server-webapp.rules)
* 1:39071 <-> DISABLED <-> SERVER-OTHER Aruba Networks IAP PAPI authentication bypass attempt (server-other.rules)
* 1:39070 <-> ENABLED <-> SERVER-WEBAPP Dlink local file disclosure attempt (server-webapp.rules)
* 3:39078 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0167 attack attempt (os-windows.rules)
* 3:39079 <-> ENABLED <-> OS-WINDOWS TRUFFLEHUNTER TALOS-CAN-0167 attack attempt (os-windows.rules)
* 3:39082 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 3:39083 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0160 attack attempt (file-office.rules)
* 1:38453 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38450 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38443 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38444 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38442 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38441 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:20099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
* 1:38445 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38448 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38449 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:38451 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Petya variant download attempt (malware-other.rules)
* 1:24804 <-> DISABLED <-> SERVER-WEBAPP Invision IP Board PHP unserialize code execution attempt (server-webapp.rules)
* 3:35689 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-CAN-0035 attack attempt (protocol-other.rules)