Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-executable, file-flash, file-image, file-office, file-other, file-pdf, indicator-compromise, malware-cnc, os-windows, policy-other, protocol-other, protocol-scada, protocol-snmp, server-apache, server-oracle, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:42984 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
* 1:42981 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42985 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42986 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42987 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42988 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42989 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42990 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42991 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42992 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42993 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk arbitrary file upload attempt (server-webapp.rules)
* 1:42994 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk arbitrary file upload attempt (server-webapp.rules)
* 1:42995 <-> DISABLED <-> PROTOCOL-SCADA Weintek EB Pro denial of service attempt (protocol-scada.rules)
* 1:42996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection attempt (malware-cnc.rules)
* 1:42997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection attempt (malware-cnc.rules)
* 1:42999 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor directory traversal attempt (server-webapp.rules)
* 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
* 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
* 1:43004 <-> ENABLED <-> SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt (server-samba.rules)
* 1:42980 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42977 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42978 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:40907 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP Get_config configuration leak attempt (protocol-other.rules)
* 1:37028 <-> DISABLED <-> PROTOCOL-OTHER Websocket upgrade request without a client key detected (protocol-other.rules)
* 1:35690 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml buffer overflow attempt (protocol-other.rules)
* 1:42982 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:35689 <-> DISABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml buffer overflow attempt (protocol-other.rules)
* 1:42976 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:40866 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP SET_CONFIG type buffer overflow attempt (protocol-other.rules)
* 1:42979 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42983 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 3:42974 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2017-0340 attack attempt (protocol-other.rules)
* 3:42975 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2017-0341 attack attempt (protocol-other.rules)
* 3:42998 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2017-0339 attack attempt (protocol-other.rules)
* 3:43000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0342 attack attempt (file-other.rules)
* 3:43001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0342 attack attempt (file-other.rules)
* 3:42973 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2017-0338 attack attempt (protocol-other.rules)

* 1:38871 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:38881 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:38882 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:38883 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:38884 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:38945 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:38946 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:38947 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:38948 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:39000 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:39001 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:39002 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:39003 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:39004 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:39005 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:39006 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:39066 <-> ENABLED <-> SERVER-OTHER Magento unauthenticated arbitrary file write attempt (server-other.rules)
* 1:39148 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
* 1:39149 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
* 1:40715 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:40729 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:40730 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:40713 <-> DISABLED <-> BROWSER-IE Microsoft Edge JSON.parse information disclosure attempt (browser-ie.rules)
* 1:40970 <-> DISABLED <-> BROWSER-IE Microsoft Edge Object.defineProperty type confusion attempt (browser-ie.rules)
* 1:39234 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer tagged integer type confusion attempt (browser-ie.rules)
* 1:39235 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer tagged integer type confusion attempt (browser-ie.rules)
* 1:39242 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:39243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:39326 <-> DISABLED <-> SERVER-APACHE Apache Continuum saveInstallation.action command injection attempt (server-apache.rules)
* 1:39398 <-> ENABLED <-> SERVER-WEBAPP Symantec SEPM management console cross site scripting attempt (server-webapp.rules)
* 1:39473 <-> DISABLED <-> SERVER-WEBAPP Shopware getTemplateName directory traversal attempt (server-webapp.rules)
* 1:39645 <-> ENABLED <-> SERVER-WEBAPP Drupal Coder Module insecure remote file deserialization attempt (server-webapp.rules)
* 1:39703 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:39704 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:39725 <-> ENABLED <-> SERVER-WEBAPP Drupal RESTWS restws_page_callback command injection attempt (server-webapp.rules)
* 1:39726 <-> ENABLED <-> SERVER-WEBAPP Drupal RESTWS restws_page_callback command injection attempt (server-webapp.rules)
* 1:39727 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:39728 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:39812 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
* 1:39813 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
* 1:39816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:39817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:39835 <-> ENABLED <-> FILE-OFFICE Microsoft Word malformed jpeg memory corruption attempt (file-office.rules)
* 1:39836 <-> ENABLED <-> FILE-OFFICE Microsoft Word malformed jpeg memory corruption attempt (file-office.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:39956 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:40039 <-> DISABLED <-> SERVER-WEBAPP FreePBX config.php unauthenticated SQL injection attempt (server-webapp.rules)
* 1:40040 <-> DISABLED <-> SERVER-WEBAPP FreePBX config.php unauthenticated SQL injection attempt (server-webapp.rules)
* 1:40129 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Server lsass.exe memory corruption attempt (os-windows.rules)
* 1:40185 <-> DISABLED <-> SERVER-WEBAPP WebNMS framework server .jsp file retrieval attempt (server-webapp.rules)
* 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:40383 <-> ENABLED <-> BROWSER-IE Microsoft Edge array.join information disclosure attempt (browser-ie.rules)
* 1:40384 <-> ENABLED <-> BROWSER-IE Microsoft Edge array.join information disclosure attempt (browser-ie.rules)
* 1:40468 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
* 1:40469 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
* 1:40470 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
* 1:40471 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
* 1:40472 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40473 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
* 1:18500 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules)
* 1:40474 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40475 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40476 <-> DISABLED <-> SERVER-OTHER Memcached set opcode request heap buffer overflow attempt (server-other.rules)
* 1:40477 <-> DISABLED <-> SERVER-OTHER Memcached setq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40478 <-> DISABLED <-> SERVER-OTHER Memcached add opcode request heap buffer overflow attempt (server-other.rules)
* 1:40479 <-> DISABLED <-> SERVER-OTHER Memcached addq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40982 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules)
* 1:40983 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules)
* 1:40714 <-> DISABLED <-> BROWSER-IE Microsoft Edge JSON.parse information disclosure attempt (browser-ie.rules)
* 1:40480 <-> DISABLED <-> SERVER-OTHER Memcached replace opcode request heap buffer overflow attempt (server-other.rules)
* 1:40716 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:40481 <-> DISABLED <-> SERVER-OTHER Memcached replaceq opcode request heap buffer overflow attempt (server-other.rules)
* 1:41038 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA testConfiguration command injection attempt (server-webapp.rules)
* 1:41039 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA wmi_domain_controllers command injection attempt (server-webapp.rules)
* 1:41060 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 List directory (protocol-scada.rules)
* 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:41181 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF PhotometricInterpretation heap buffer overflow attempt (file-image.rules)
* 1:41182 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF PhotometricInterpretation heap buffer overflow attempt (file-image.rules)
* 1:41183 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF PhotometricInterpretation heap buffer overflow attempt (file-image.rules)
* 1:41202 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
* 1:40483 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:41184 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF PhotometricInterpretation heap buffer overflow attempt (file-image.rules)
* 1:41203 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:40647 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
* 1:41216 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server si_prop stack buffer overflow attempt (server-other.rules)
* 1:41790 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor CliMonitorReportServlet directory traversal attempt (server-webapp.rules)
* 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
* 1:40648 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
* 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:42041 <-> ENABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:42117 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:42118 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:40649 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll proxy object prototype return type confusion attempt (browser-ie.rules)
* 1:42956 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor CliMonitorReportServlet directory traversal attempt (server-webapp.rules)
* 1:42957 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor CliMonitorReportServlet directory traversal attempt (server-webapp.rules)
* 1:40650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll proxy object prototype return type confusion attempt (browser-ie.rules)
* 1:40661 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
* 1:41036 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA ManagePatches servlet command injection attempt (server-webapp.rules)
* 1:40704 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer UIAnimaation.dll use after free attempt (browser-ie.rules)
* 1:41037 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA domains command injection attempt (server-webapp.rules)
* 1:40662 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
* 1:40703 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer UIAnimaation.dll use after free attempt (browser-ie.rules)
* 1:40969 <-> DISABLED <-> BROWSER-IE Microsoft Edge Object.defineProperty type confusion attempt (browser-ie.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:26947 <-> DISABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download (exploit-kit.rules)
* 1:36759 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
* 1:36760 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules)
* 1:27875 <-> DISABLED <-> EXPLOIT-KIT Javascript obfuscation technique - has been observed in Rmayana/DotkaChef/DotCache exploit kit (exploit-kit.rules)
* 1:26948 <-> DISABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download (exploit-kit.rules)
* 1:37078 <-> ENABLED <-> SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (server-webapp.rules)
* 1:37077 <-> ENABLED <-> SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (server-webapp.rules)
* 1:38744 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:18499 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules)
* 1:38743 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 3:39379 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules)
* 3:39885 <-> ENABLED <-> PROTOCOL-SNMP Cisco ASA SNMP OID parsing stack buffer overflow attempt (protocol-snmp.rules)
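The "gid:sid <-> Default rule state <-> Message (rule group)" layout used for the 2983 listing above, and again for the 2990 listing that follows, is simple enough to parse by machine, which is the practical way to answer what an operator needs to know before deploying a pack: which rules are on by default, which gid 3 entries are shared-object rules that need the matching precompiled package, how the entries spread across rule groups, and what differs between two packs. The Python below is an added example, not code from the Talos post; the sample input is a few entries copied from the listing above and run together on one line the way the post renders, and PACK_NEXT is a constructed variant used only to exercise the comparison, not the real 2990 contents.

```python
"""Parse a Talos rule-update listing written as

    gid:sid <-> Default rule state <-> Message (rule group)

and answer the operator's questions about the pack.  Added example; not
code from the Talos post.
"""
import re
from collections import Counter

# One listing entry.  The group is anchored to the trailing "(<name>.rules)",
# so the message may contain anything before it, and the " * " separators
# between run-together entries are simply skipped by finditer().
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w.-]+\.rules)\)"
)


def parse_listing(text):
    """Return one dict per entry, in listing order.  Works whether entries are
    one per line or run together on a single line as extraction leaves them."""
    records = []
    for m in ENTRY_RE.finditer(text):
        rec = m.groupdict()
        rec["gid"] = int(rec["gid"])
        rec["sid"] = int(rec["sid"])
        # Messages start with the rule category, e.g. SERVER-ORACLE.
        rec["category"] = rec["msg"].split(" ", 1)[0]
        records.append(rec)
    return records


def default_enabled(records):
    """(gid, sid) pairs whose default rule state is ENABLED; everything else
    stays silent until you enable it in your own policy."""
    return {(r["gid"], r["sid"]) for r in records if r["state"] == "ENABLED"}


def shared_object_rules(records):
    """gid 3 entries are shared-object (SO) rules.  They only load when the
    precompiled SO package matching your Snort build and platform is
    installed; the text rule file alone does not give you this coverage."""
    return [r for r in records if r["gid"] == 3]


def count_by_group(records):
    """How many entries each rule group (file) received in this pack."""
    return Counter(r["group"] for r in records)


def compare_packs(old_records, new_records):
    """Rules present only in the newer pack, and rules whose default state
    flipped between the two packs."""
    old = {(r["gid"], r["sid"]): r["state"] for r in old_records}
    new = {(r["gid"], r["sid"]): r["state"] for r in new_records}
    added = sorted(k for k in new if k not in old)
    state_changes = sorted(
        (k, old[k], new[k]) for k in new if k in old and old[k] != new[k]
    )
    return added, state_changes


# Constructed sample input: four entries copied in the page's layout and run
# together on one line.  A real run would feed the whole listing block.
PACK_2983 = (
    "* 1:42984 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV "
    "SQL injection attempt (server-oracle.rules) "
    "* 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request "
    "(protocol-other.rules) "
    "* 1:43004 <-> ENABLED <-> SERVER-SAMBA Samba is_known_pipe arbitrary module "
    "load code execution attempt (server-samba.rules) "
    "* 3:42973 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2017-0338 "
    "attack attempt (protocol-other.rules)"
)

# Constructed second pack with one extra rule and one flipped default state,
# purely to exercise compare_packs(); it is not the real 2990 contents.
PACK_NEXT = PACK_2983.replace("1:42984 <-> DISABLED", "1:42984 <-> ENABLED") + (
    " * 1:42999 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor directory "
    "traversal attempt (server-webapp.rules)"
)


if __name__ == "__main__":
    recs = parse_listing(PACK_2983)
    print(f"{len(recs)} entries, {len(default_enabled(recs))} enabled by default")
    for group, n in count_by_group(recs).most_common():
        print(f"  {group}: {n}")
    for r in shared_object_rules(recs):
        print(f"SO rule, needs precompiled package: {r['gid']}:{r['sid']} {r['msg']}")
    added, changed = compare_packs(recs, parse_listing(PACK_NEXT))
    print("added:", added)
    print("default state changes:", changed)
```

Feeding the full listing of two consecutive packs to compare_packs() is the quickest way to see which signatures an update actually turns on or off in the default policy, since the post itself does not separate state changes from message edits.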
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:43004 <-> ENABLED <-> SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt (server-samba.rules)
* 1:43003 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
* 1:43002 <-> ENABLED <-> PROTOCOL-OTHER NETBIOS SMB IPC share access attempt (protocol-other.rules)
* 1:42999 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor directory traversal attempt (server-webapp.rules)
* 1:42997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection attempt (malware-cnc.rules)
* 1:42996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection attempt (malware-cnc.rules)
* 1:42995 <-> DISABLED <-> PROTOCOL-SCADA Weintek EB Pro denial of service attempt (protocol-scada.rules)
* 1:42994 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk arbitrary file upload attempt (server-webapp.rules)
* 1:42993 <-> DISABLED <-> SERVER-WEBAPP ReadyDesk arbitrary file upload attempt (server-webapp.rules)
* 1:42992 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42991 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42990 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42989 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42988 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42987 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42986 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42985 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42984 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42983 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42982 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42981 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42980 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42979 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42978 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42977 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:42976 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server SYS.KUPV SQL injection attempt (server-oracle.rules)
* 1:40907 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP Get_config configuration leak attempt (protocol-other.rules)
* 1:40866 <-> DISABLED <-> PROTOCOL-OTHER TP-Link TDDP SET_CONFIG type buffer overflow attempt (protocol-other.rules)
* 1:37028 <-> DISABLED <-> PROTOCOL-OTHER Websocket upgrade request without a client key detected (protocol-other.rules)
* 1:35690 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml buffer overflow attempt (protocol-other.rules)
* 1:35689 <-> DISABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml buffer overflow attempt (protocol-other.rules)
* 1:35688 <-> ENABLED <-> PROTOCOL-OTHER MiniUPNP rootdesc.xml file request (protocol-other.rules)
* 3:42973 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2017-0338 attack attempt (protocol-other.rules)
* 3:42974 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2017-0340 attack attempt (protocol-other.rules)
* 3:42975 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2017-0341 attack attempt (protocol-other.rules)
* 3:42998 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2017-0339 attack attempt (protocol-other.rules)
* 3:43000 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0342 attack attempt (file-other.rules)
* 3:43001 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2017-0342 attack attempt (file-other.rules)

* 1:42957 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor CliMonitorReportServlet directory traversal attempt (server-webapp.rules)
* 1:42956 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor CliMonitorReportServlet directory traversal attempt (server-webapp.rules)
* 1:42118 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:42117 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:42041 <-> ENABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:42040 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:41906 <-> DISABLED <-> POLICY-OTHER HTTP redirect to FTP server attempt (policy-other.rules)
* 1:41790 <-> DISABLED <-> SERVER-WEBAPP Brocade Network Advisor CliMonitorReportServlet directory traversal attempt (server-webapp.rules)
* 1:41216 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server si_prop stack buffer overflow attempt (server-other.rules)
* 1:41206 <-> DISABLED <-> SERVER-OTHER Aerospike Database Server index name buffer overflow attempt (server-other.rules)
* 1:41203 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
* 1:41202 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP2 segment out of bounds memory access attempt (file-image.rules)
* 1:41184 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF PhotometricInterpretation heap buffer overflow attempt (file-image.rules)
* 1:41183 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF PhotometricInterpretation heap buffer overflow attempt (file-image.rules)
* 1:41182 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF PhotometricInterpretation heap buffer overflow attempt (file-image.rules)
* 1:41181 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF PhotometricInterpretation heap buffer overflow attempt (file-image.rules)
* 1:41060 <-> DISABLED <-> PROTOCOL-SCADA IEC 104 List directory (protocol-scada.rules)
* 1:41039 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA wmi_domain_controllers command injection attempt (server-webapp.rules)
* 1:41038 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA testConfiguration command injection attempt (server-webapp.rules)
* 1:41037 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA domains command injection attempt (server-webapp.rules)
* 1:41036 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA ManagePatches servlet command injection attempt (server-webapp.rules)
* 1:40983 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules)
* 1:40982 <-> ENABLED <-> FILE-OTHER Microsoft Internet Explorer malformed ico integer overflow attempt (file-other.rules)
* 1:40970 <-> DISABLED <-> BROWSER-IE Microsoft Edge Object.defineProperty type confusion attempt (browser-ie.rules)
* 1:40969 <-> DISABLED <-> BROWSER-IE Microsoft Edge Object.defineProperty type confusion attempt (browser-ie.rules)
* 1:40730 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:40729 <-> DISABLED <-> FILE-OTHER Microsoft Windows OTF parsing memory corruption attempt (file-other.rules)
* 1:40716 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:40715 <-> DISABLED <-> BROWSER-IE Microsoft Edge proxy object type confusion attempt (browser-ie.rules)
* 1:40714 <-> DISABLED <-> BROWSER-IE Microsoft Edge JSON.parse information disclosure attempt (browser-ie.rules)
* 1:40713 <-> DISABLED <-> BROWSER-IE Microsoft Edge JSON.parse information disclosure attempt (browser-ie.rules)
* 1:40704 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer UIAnimaation.dll use after free attempt (browser-ie.rules)
* 1:40703 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer UIAnimaation.dll use after free attempt (browser-ie.rules)
* 1:40662 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
* 1:40661 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array.concat type confusion attempt (browser-ie.rules)
* 1:40650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll proxy object prototype return type confusion attempt (browser-ie.rules)
* 1:40649 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Chakra.dll proxy object prototype return type confusion attempt (browser-ie.rules)
* 1:40648 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
* 1:40647 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
* 1:40483 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:40482 <-> DISABLED <-> SERVER-OTHER Memcached SASL auth opcode request heap buffer overflow attempt (server-other.rules)
* 1:40481 <-> DISABLED <-> SERVER-OTHER Memcached replaceq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40480 <-> DISABLED <-> SERVER-OTHER Memcached replace opcode request heap buffer overflow attempt (server-other.rules)
* 1:40479 <-> DISABLED <-> SERVER-OTHER Memcached addq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40478 <-> DISABLED <-> SERVER-OTHER Memcached add opcode request heap buffer overflow attempt (server-other.rules)
* 1:40477 <-> DISABLED <-> SERVER-OTHER Memcached setq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40476 <-> DISABLED <-> SERVER-OTHER Memcached set opcode request heap buffer overflow attempt (server-other.rules)
* 1:40475 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40474 <-> DISABLED <-> SERVER-OTHER Memcached prependq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40473 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40472 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules)
* 1:40471 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
* 1:18500 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules)
* 1:18499 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules)
* 1:40470 <-> DISABLED <-> SERVER-OTHER Memcached prepend opcode request heap buffer overflow attempt (server-other.rules)
* 1:40469 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
* 1:40468 <-> DISABLED <-> SERVER-OTHER Memcached append opcode request heap buffer overflow attempt (server-other.rules)
* 1:40384 <-> ENABLED <-> BROWSER-IE Microsoft Edge array.join information disclosure attempt (browser-ie.rules)
* 1:40383 <-> ENABLED <-> BROWSER-IE Microsoft Edge array.join information disclosure attempt (browser-ie.rules)
* 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:40185 <-> DISABLED <-> SERVER-WEBAPP WebNMS framework server .jsp file retrieval attempt (server-webapp.rules)
* 1:40129 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Server lsass.exe memory corruption attempt (os-windows.rules)
* 1:40040 <-> DISABLED <-> SERVER-WEBAPP FreePBX config.php unauthenticated SQL injection attempt (server-webapp.rules)
* 1:40039 <-> DISABLED <-> SERVER-WEBAPP FreePBX config.php unauthenticated SQL injection attempt (server-webapp.rules)
* 1:39956 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:39836 <-> ENABLED <-> FILE-OFFICE Microsoft Word malformed jpeg memory corruption attempt (file-office.rules)
* 1:39835 <-> ENABLED <-> FILE-OFFICE Microsoft Word malformed jpeg memory corruption attempt (file-office.rules)
* 1:39817 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:39816 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (file-office.rules)
* 1:39813 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
* 1:39812 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
* 1:39728 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:39727 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Rectangle constructor use after free attempt (file-flash.rules)
* 1:39726 <-> ENABLED <-> SERVER-WEBAPP Drupal RESTWS restws_page_callback command injection attempt (server-webapp.rules)
* 1:39725 <-> ENABLED <-> SERVER-WEBAPP Drupal RESTWS restws_page_callback command injection attempt (server-webapp.rules)
* 1:39704 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:39703 <-> ENABLED <-> FILE-PDF Adobe Flash Player ActionScript setFocus use after free attempt (file-pdf.rules)
* 1:39645 <-> ENABLED <-> SERVER-WEBAPP Drupal Coder Module insecure remote file deserialization attempt (server-webapp.rules)
* 1:39473 <-> DISABLED <-> SERVER-WEBAPP Shopware getTemplateName directory traversal attempt (server-webapp.rules)
* 1:39398 <-> ENABLED <-> SERVER-WEBAPP Symantec SEPM management console cross site scripting attempt (server-webapp.rules)
* 1:39326 <-> DISABLED <-> SERVER-APACHE Apache Continuum saveInstallation.action command injection attempt (server-apache.rules)
* 1:39243 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:39242 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
* 1:39235 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer tagged integer type confusion attempt (browser-ie.rules)
* 1:39234 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer tagged integer type confusion attempt (browser-ie.rules)
* 1:39149 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
* 1:39148 <-> ENABLED <-> FILE-OFFICE Document Foundation LibreOffice RTF stylesheet use after free attempt (file-office.rules)
* 1:39066 <-> ENABLED <-> SERVER-OTHER Magento unauthenticated arbitrary file write attempt (server-other.rules)
* 1:39006 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:39005 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:39004 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:39003 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:38883 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules)
* 1:39002 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:39001 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:39000 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:38948 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules)
* 1:38947 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate
command injection attempt (file-image.rules) * 1:38946 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:38945 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:38884 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38882 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38881 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type confusion attempt (file-flash.rules) * 1:38871 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:38744 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:38743 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules) * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules) * 1:37078 <-> ENABLED <-> SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (server-webapp.rules) * 1:37077 <-> ENABLED <-> SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (server-webapp.rules) * 1:36760 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules) * 1:27875 <-> DISABLED <-> EXPLOIT-KIT Javascript obfuscation technique - has been observed in Rmayana/DotkaChef/DotCache exploit kit (exploit-kit.rules) * 1:26948 <-> DISABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download (exploit-kit.rules) * 1:36759 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Internet Explorer setAttributeNS ASLR bypass attempt (indicator-compromise.rules) * 1:26947 
<-> DISABLED <-> EXPLOIT-KIT DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download (exploit-kit.rules) * 3:39379 <-> ENABLED <-> FILE-EXECUTABLE Norton Antivirus ASPack heap corruption attempt (file-executable.rules) * 3:39885 <-> ENABLED <-> PROTOCOL-SNMP Cisco ASA SNMP OID parsing stack buffer overflow attempt (protocol-snmp.rules)
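A practical point about a list like this: many of the modified rules (the Memcached heap overflows, the FreePBX SQL injection, the Flexera FlexNet overflows) ship DISABLED, so they only fire if you enable them in your own policy, and a rule pack note is the place you find that out. As an added example, not part of Talos's changelog or of any Snort or Talos tooling, the Python below parses entries in the `* gid:sid <-> STATE <-> message (group.rules)` shape, copes with entries run together on one line or broken across a line break (as changelog extracts often are), and reports which rules are disabled by default, how each rule file splits by state, and which sids share one message. The sample text is constructed from a handful of the entries in this pack; the function names are my own.

```python
"""Parse Snort rule-pack changelog entries and summarize default rule states.

Added example, not Talos or Snort code. Entry shape assumed:
    * gid:sid <-> ENABLED|DISABLED <-> message (group.rules)
"""
import re
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple

# DOTALL lets the non-greedy message span a line break, which happens when
# an extract wraps an entry mid-message. The message ends at the first
# "(something.rules)" that follows it.
ENTRY_RE = re.compile(
    r"\*\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.*?)\s*\((?P<group>[\w.-]+\.rules)\)",
    re.DOTALL,
)

# Constructed sample: a few entries copied from this pack, deliberately run
# together on one line and with one entry (1:39956) split across a newline.
SAMPLE = """\
* 1:40473 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules) * 1:40472 <-> DISABLED <-> SERVER-OTHER Memcached appendq opcode request heap buffer overflow attempt (server-other.rules) * 1:18500 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules) * 1:40384 <-> ENABLED <-> BROWSER-IE Microsoft Edge array.join information disclosure attempt (browser-ie.rules) * 1:40040 <-> DISABLED <-> SERVER-WEBAPP FreePBX config.php unauthenticated SQL injection attempt (server-webapp.rules) * 1:39956 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FileReference type
confusion attempt (file-flash.rules) * 1:39006 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 1:39005 <-> ENABLED <-> FILE-IMAGE ImageMagick WWWDecodeDelegate command injection attempt (file-image.rules) * 3:39885 <-> ENABLED <-> PROTOCOL-SNMP Cisco ASA SNMP OID parsing stack buffer overflow attempt (protocol-snmp.rules)
"""


class RuleChange(NamedTuple):
    gid: int
    sid: int
    state: str      # "ENABLED" or "DISABLED" (default state in the pack)
    category: str   # leading token of the message, e.g. SERVER-OTHER
    msg: str        # full message with whitespace normalized
    group: str      # rule file, e.g. server-other.rules

    @property
    def gid_sid(self) -> str:
        return f"{self.gid}:{self.sid}"


def parse_changelog(text: str) -> List[RuleChange]:
    """Scan by regex rather than splitting on newlines, since one line may
    hold many entries and one entry may span two lines."""
    changes = []
    for m in ENTRY_RE.finditer(text):
        msg = " ".join(m.group("msg").split())   # collapse wraps and runs of spaces
        category = msg.split(" ", 1)[0]
        changes.append(RuleChange(int(m.group("gid")), int(m.group("sid")),
                                  m.group("state"), category, msg, m.group("group")))
    return changes


def disabled_by_default(changes: List[RuleChange]) -> List[str]:
    """gid:sid of rules the pack ships DISABLED. These never alert unless
    your rule-management policy turns them on, so review this list first."""
    return sorted(c.gid_sid for c in changes if c.state == "DISABLED")


def count_by_group(changes: List[RuleChange]) -> Dict[str, Dict[str, int]]:
    """Per rule file, how many entries are ENABLED vs DISABLED."""
    counts: Dict[str, Counter] = defaultdict(Counter)
    for c in changes:
        counts[c.group][c.state] += 1
    return {group: dict(states) for group, states in counts.items()}


def sids_by_message(changes: List[RuleChange]) -> Dict[str, List[str]]:
    """Group sids that carry the same message, in the order they appear.
    Packs usually ship several sids per issue (one per protocol or encoding),
    so this shows the full set you must enable to cover one advisory."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for c in changes:
        groups[c.msg].append(c.gid_sid)
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE)
    print(f"{len(parsed)} entries parsed")
    print("disabled by default:", ", ".join(disabled_by_default(parsed)))
    for group, states in sorted(count_by_group(parsed).items()):
        print(f"{group:24s} {states}")
    for msg, sids in sids_by_message(parsed).items():
        if len(sids) > 1:
            print(f"{len(sids)} sids share: {msg}")
```

Run it against the full text of a rule pack note to get the set of gid:sid pairs to feed into whatever enables rules in your deployment; the sids grouped by message are the ones to enable together, since the duplicates are usually the same check over different transports or encodings rather than separate issues.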