Talos has added and modified multiple rules in the exploit-kit, file-flash, malware-cnc, os-linux, protocol-scada and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41069 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single command (protocol-scada.rules)
* 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:41044 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash CPU attempt (protocol-scada.rules)
* 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:41042 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Dump Boot Code attempt (protocol-scada.rules)
* 1:41043 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Ethernet Reset attempt (protocol-scada.rules)
* 1:41040 <-> ENABLED <-> OS-LINUX Ubuntu Apport CrashDB crash report code injection attempt (os-linux.rules)
* 1:41041 <-> ENABLED <-> OS-LINUX Ubuntu Apport CrashDB crash report code injection attempt (os-linux.rules)
* 1:41039 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA wmi_domain_controllers command injection attempt (server-webapp.rules)
* 1:41074 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 clock sync command (protocol-scada.rules)
* 1:41031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
* 1:41079 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules)
* 1:41033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
* 1:41032 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Inspector hotfix_upload.cgi command injection attempt (server-webapp.rules)
* 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
* 1:41080 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
* 1:41073 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 bitstring of 32 bits (protocol-scada.rules)
* 1:41075 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 counter interrogation command (protocol-scada.rules)
* 1:41076 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 double command issued (protocol-scada.rules)
* 1:41077 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 unknown ASDU type detected (protocol-scada.rules)
* 1:41072 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Test command with time tag (protocol-scada.rules)
* 1:41035 <-> ENABLED <-> EXPLOIT-KIT Sundown Exploit Kit redirection attempt (exploit-kit.rules)
* 1:41036 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA ManagePatches servlet command injection attempt (server-webapp.rules)
* 1:41037 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA domains command injection attempt (server-webapp.rules)
* 1:41034 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:41038 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA testConfiguration command injection attempt (server-webapp.rules)
* 1:41078 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules)
* 1:41047 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT ACT (protocol-scada.rules)
* 1:41048 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT CON (protocol-scada.rules)
* 1:41049 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT ACT (protocol-scada.rules)
* 1:41050 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT CON (protocol-scada.rules)
* 1:41051 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR ACT (protocol-scada.rules)
* 1:41052 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR CON (protocol-scada.rules)
* 1:41053 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Ack file (protocol-scada.rules)
* 1:41054 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Double point information (protocol-scada.rules)
* 1:41055 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 End of initialization (protocol-scada.rules)
* 1:41082 <-> DISABLED <-> SERVER-OTHER Tarantool Msgpuck mp_check denial of service vulnerability attempt (server-other.rules)
* 1:41056 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 File ready (protocol-scada.rules)
* 1:41057 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Integrated totals (protocol-scada.rules)
* 1:41058 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Interrogation command (protocol-scada.rules)
* 1:41059 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Last section (protocol-scada.rules)
* 1:41060 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 List directory (protocol-scada.rules)
* 1:41061 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Measured value (protocol-scada.rules)
* 1:41062 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Packed start events (protocol-scada.rules)
* 1:41063 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Parameter value (protocol-scada.rules)
* 1:41064 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Query Log (protocol-scada.rules)
* 1:41065 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Read command (protocol-scada.rules)
* 1:41066 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Regulating step command (protocol-scada.rules)
* 1:41067 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Rest process command (protocol-scada.rules)
* 1:41068 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Set point command (protocol-scada.rules)
* 1:41071 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Step point information (protocol-scada.rules)
* 1:41070 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single point information (protocol-scada.rules)

* 1:40607 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40784 <-> ENABLED <-> SERVER-WEBAPP ZyXEL TR-064 SetNTPServers command injection attempt (server-webapp.rules)
* 1:40606 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40605 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40518 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Stop CPU attempt (protocol-scada.rules)
* 1:40604 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:30259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection attempt (malware-cnc.rules)
* 1:40517 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Network Policy Change attempt (protocol-scada.rules)
* 1:40783 <-> DISABLED <-> SERVER-WEBAPP ZyXEL TR-064 GetSecurityKeys information disclosure attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41047 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT ACT (protocol-scada.rules)
* 1:41048 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT CON (protocol-scada.rules)
* 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:41033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
* 1:41032 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Inspector hotfix_upload.cgi command injection attempt (server-webapp.rules)
* 1:41031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
* 1:41034 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:41035 <-> ENABLED <-> EXPLOIT-KIT Sundown Exploit Kit redirection attempt (exploit-kit.rules)
* 1:41036 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA ManagePatches servlet command injection attempt (server-webapp.rules)
* 1:41037 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA domains command injection attempt (server-webapp.rules)
* 1:41038 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA testConfiguration command injection attempt (server-webapp.rules)
* 1:41039 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA wmi_domain_controllers command injection attempt (server-webapp.rules)
* 1:41040 <-> ENABLED <-> OS-LINUX Ubuntu Apport CrashDB crash report code injection attempt (os-linux.rules)
* 1:41041 <-> ENABLED <-> OS-LINUX Ubuntu Apport CrashDB crash report code injection attempt (os-linux.rules)
* 1:41042 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Dump Boot Code attempt (protocol-scada.rules)
* 1:41043 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Ethernet Reset attempt (protocol-scada.rules)
* 1:41044 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash CPU attempt (protocol-scada.rules)
* 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:41049 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT ACT (protocol-scada.rules)
* 1:41050 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT CON (protocol-scada.rules)
* 1:41051 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR ACT (protocol-scada.rules)
* 1:41052 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR CON (protocol-scada.rules)
* 1:41053 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Ack file (protocol-scada.rules)
* 1:41054 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Double point information (protocol-scada.rules)
* 1:41055 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 End of initialization (protocol-scada.rules)
* 1:41056 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 File ready (protocol-scada.rules)
* 1:41057 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Integrated totals (protocol-scada.rules)
* 1:41058 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Interrogation command (protocol-scada.rules)
* 1:41059 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Last section (protocol-scada.rules)
* 1:41060 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 List directory (protocol-scada.rules)
* 1:41061 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Measured value (protocol-scada.rules)
* 1:41062 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Packed start events (protocol-scada.rules)
* 1:41063 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Parameter value (protocol-scada.rules)
* 1:41064 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Query Log (protocol-scada.rules)
* 1:41065 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Read command (protocol-scada.rules)
* 1:41066 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Regulating step command (protocol-scada.rules)
* 1:41067 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Rest process command (protocol-scada.rules)
* 1:41068 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Set point command (protocol-scada.rules)
* 1:41082 <-> DISABLED <-> SERVER-OTHER Tarantool Msgpuck mp_check denial of service vulnerability attempt (server-other.rules)
* 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
* 1:41080 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
* 1:41079 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules)
* 1:41078 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules)
* 1:41077 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 unknown ASDU type detected (protocol-scada.rules)
* 1:41076 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 double command issued (protocol-scada.rules)
* 1:41075 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 counter interrogation command (protocol-scada.rules)
* 1:41074 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 clock sync command (protocol-scada.rules)
* 1:41072 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Test command with time tag (protocol-scada.rules)
* 1:41073 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 bitstring of 32 bits (protocol-scada.rules)
* 1:41071 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Step point information (protocol-scada.rules)
* 1:41070 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single point information (protocol-scada.rules)
* 1:41069 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single command (protocol-scada.rules)

* 1:30259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection attempt (malware-cnc.rules)
* 1:40517 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Network Policy Change attempt (protocol-scada.rules)
* 1:40518 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Stop CPU attempt (protocol-scada.rules)
* 1:40604 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40605 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40606 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40607 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40783 <-> DISABLED <-> SERVER-WEBAPP ZyXEL TR-064 GetSecurityKeys information disclosure attempt (server-webapp.rules)
* 1:40784 <-> ENABLED <-> SERVER-WEBAPP ZyXEL TR-064 SetNTPServers command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41082 <-> DISABLED <-> SERVER-OTHER Tarantool Msgpuck mp_check denial of service vulnerability attempt (server-other.rules)
* 1:41081 <-> ENABLED <-> SERVER-OTHER Tarantool initial connection banner detected (server-other.rules)
* 1:41080 <-> DISABLED <-> SERVER-OTHER Tarantool xrow_header_decode out of bounds read attempt (server-other.rules)
* 1:41079 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules)
* 1:41078 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 traffic to/from EXTERNAL_NET (protocol-scada.rules)
* 1:41077 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 unknown ASDU type detected (protocol-scada.rules)
* 1:41076 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 double command issued (protocol-scada.rules)
* 1:41075 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 counter interrogation command (protocol-scada.rules)
* 1:41074 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 clock sync command (protocol-scada.rules)
* 1:41073 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 bitstring of 32 bits (protocol-scada.rules)
* 1:41072 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Test command with time tag (protocol-scada.rules)
* 1:41071 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Step point information (protocol-scada.rules)
* 1:41070 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single point information (protocol-scada.rules)
* 1:41069 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Single command (protocol-scada.rules)
* 1:41068 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Set point command (protocol-scada.rules)
* 1:41067 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Rest process command (protocol-scada.rules)
* 1:41066 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Regulating step command (protocol-scada.rules)
* 1:41065 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Read command (protocol-scada.rules)
* 1:41064 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Query Log (protocol-scada.rules)
* 1:41063 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Parameter value (protocol-scada.rules)
* 1:41062 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Packed start events (protocol-scada.rules)
* 1:41061 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Measured value (protocol-scada.rules)
* 1:41060 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 List directory (protocol-scada.rules)
* 1:41059 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Last section (protocol-scada.rules)
* 1:41058 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Interrogation command (protocol-scada.rules)
* 1:41057 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Integrated totals (protocol-scada.rules)
* 1:41056 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 File ready (protocol-scada.rules)
* 1:41055 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 End of initialization (protocol-scada.rules)
* 1:41054 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Double point information (protocol-scada.rules)
* 1:41053 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 Ack file (protocol-scada.rules)
* 1:41052 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR CON (protocol-scada.rules)
* 1:41051 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 TESTFR ACT (protocol-scada.rules)
* 1:41050 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT CON (protocol-scada.rules)
* 1:41049 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STOPDT ACT (protocol-scada.rules)
* 1:41048 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT CON (protocol-scada.rules)
* 1:41047 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 STARTDT ACT (protocol-scada.rules)
* 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:41044 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Crash CPU attempt (protocol-scada.rules)
* 1:41043 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Ethernet Reset attempt (protocol-scada.rules)
* 1:41042 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Dump Boot Code attempt (protocol-scada.rules)
* 1:41041 <-> ENABLED <-> OS-LINUX Ubuntu Apport CrashDB crash report code injection attempt (os-linux.rules)
* 1:41040 <-> ENABLED <-> OS-LINUX Ubuntu Apport CrashDB crash report code injection attempt (os-linux.rules)
* 1:41039 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA wmi_domain_controllers command injection attempt (server-webapp.rules)
* 1:41038 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA testConfiguration command injection attempt (server-webapp.rules)
* 1:41037 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA domains command injection attempt (server-webapp.rules)
* 1:41036 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA ManagePatches servlet command injection attempt (server-webapp.rules)
* 1:41035 <-> ENABLED <-> EXPLOIT-KIT Sundown Exploit Kit redirection attempt (exploit-kit.rules)
* 1:41034 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:41033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
* 1:41032 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Deep Discovery Inspector hotfix_upload.cgi command injection attempt (server-webapp.rules)
* 1:41031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)

* 1:30259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection attempt (malware-cnc.rules)
* 1:40517 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Network Policy Change attempt (protocol-scada.rules)
* 1:40518 <-> DISABLED <-> PROTOCOL-SCADA Rockwell Controllogix Stop CPU attempt (protocol-scada.rules)
* 1:40604 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40605 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40606 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40607 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40783 <-> DISABLED <-> SERVER-WEBAPP ZyXEL TR-064 GetSecurityKeys information disclosure attempt (server-webapp.rules)
* 1:40784 <-> ENABLED <-> SERVER-WEBAPP ZyXEL TR-064 SetNTPServers command injection attempt (server-webapp.rules)