Talos has added and modified multiple rules in the browser-firefox, browser-other, browser-plugins, deleted, file-flash, file-multimedia, indicator-compromise, malware-cnc, policy-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46885 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Joanap variant outbound connection (malware-cnc.rules)
* 1:46895 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nocturnal outbound connection (malware-cnc.rules)
* 1:46919 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46906 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules)
* 1:46907 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules)
* 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:46920 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46917 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46903 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules)
* 1:46884 <-> DISABLED <-> DELETED MALWARE-CNC Win.Trojan.Joanap variant outbound connection (deleted.rules)
* 1:46894 <-> ENABLED <-> MALWARE-CNC Vbs.Worm.SysinfY2X outbound beacon (malware-cnc.rules)
* 1:46908 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules)
* 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:46898 <-> DISABLED <-> SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (server-webapp.rules)
* 1:46916 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
* 1:46918 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46896 <-> DISABLED <-> SERVER-WEBAPP Joomla component GeoContent typename parameter cross site scripting attempt (server-webapp.rules)
* 1:46910 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules)
* 1:46905 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules)
* 1:46886 <-> DISABLED <-> SERVER-WEBAPP Quest KACE Systems Management Appliance ajax_email_connection_test.php command injection attempt (server-webapp.rules)
* 1:46909 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules)
* 1:46915 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
* 1:46904 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules)
* 3:46892 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46890 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46889 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46888 <-> ENABLED <-> SERVER-WEBAPP Cisco Network Services Orchestrator arbitrary command execution attempt (server-webapp.rules)
* 3:46902 <-> ENABLED <-> BROWSER-OTHER invalid final chunk size evasion attempt (browser-other.rules)
* 3:46891 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46901 <-> ENABLED <-> BROWSER-OTHER http chunked transfer encoding flowbit attempt (browser-other.rules)
* 3:46900 <-> ENABLED <-> BROWSER-OTHER invalid final chunk size evasion attempt (browser-other.rules)
* 3:46887 <-> ENABLED <-> SERVER-WEBAPP Cisco Network Services Orchestrator arbitrary command execution attempt (server-webapp.rules)
* 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)
* 3:46893 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning Java remote method invocation attempt (server-other.rules)
* 3:46914 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning password recovery field reuse attempt (server-webapp.rules)
* 3:46911 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning potentially unauthenticated administrator password change attempt (server-webapp.rules)
* 3:46899 <-> ENABLED <-> POLICY-OTHER Cisco Prime Collaboration Provisioning access control group modification request detected (policy-other.rules)

* 1:11324 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX function call access (browser-plugins.rules)
* 1:46611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload second stage download request (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46918 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46916 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
* 1:46909 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules)
* 1:46920 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46919 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46915 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
* 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:46907 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules)
* 1:46910 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules)
* 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:46917 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46906 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules)
* 1:46905 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules)
* 1:46898 <-> DISABLED <-> SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (server-webapp.rules)
* 1:46904 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules)
* 1:46896 <-> DISABLED <-> SERVER-WEBAPP Joomla component GeoContent typename parameter cross site scripting attempt (server-webapp.rules)
* 1:46903 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules)
* 1:46895 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nocturnal outbound connection (malware-cnc.rules)
* 1:46894 <-> ENABLED <-> MALWARE-CNC Vbs.Worm.SysinfY2X outbound beacon (malware-cnc.rules)
* 1:46886 <-> DISABLED <-> SERVER-WEBAPP Quest KACE Systems Management Appliance ajax_email_connection_test.php command injection attempt (server-webapp.rules)
* 1:46908 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules)
* 1:46885 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Joanap variant outbound connection (malware-cnc.rules)
* 1:46884 <-> DISABLED <-> DELETED MALWARE-CNC Win.Trojan.Joanap variant outbound connection (deleted.rules)
* 3:46887 <-> ENABLED <-> SERVER-WEBAPP Cisco Network Services Orchestrator arbitrary command execution attempt (server-webapp.rules)
* 3:46888 <-> ENABLED <-> SERVER-WEBAPP Cisco Network Services Orchestrator arbitrary command execution attempt (server-webapp.rules)
* 3:46889 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46890 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46891 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46892 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46893 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning Java remote method invocation attempt (server-other.rules)
* 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)
* 3:46899 <-> ENABLED <-> POLICY-OTHER Cisco Prime Collaboration Provisioning access control group modification request detected (policy-other.rules)
* 3:46900 <-> ENABLED <-> BROWSER-OTHER invalid final chunk size evasion attempt (browser-other.rules)
* 3:46901 <-> ENABLED <-> BROWSER-OTHER http chunked transfer encoding flowbit attempt (browser-other.rules)
* 3:46902 <-> ENABLED <-> BROWSER-OTHER invalid final chunk size evasion attempt (browser-other.rules)
* 3:46911 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning potentially unauthenticated administrator password change attempt (server-webapp.rules)
* 3:46914 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning password recovery field reuse attempt (server-webapp.rules)

* 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
* 1:46611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload second stage download request (malware-cnc.rules)
* 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
* 1:11324 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX function call access (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46884 <-> DISABLED <-> DELETED MALWARE-CNC Win.Trojan.Joanap variant outbound connection (snort3-deleted.rules)
* 1:46898 <-> DISABLED <-> SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (snort3-server-webapp.rules)
* 1:46885 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Joanap variant outbound connection (snort3-malware-cnc.rules)
* 1:46906 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (snort3-indicator-compromise.rules)
* 1:46920 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (snort3-file-flash.rules)
* 1:46917 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (snort3-file-flash.rules)
* 1:46903 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (snort3-indicator-compromise.rules)
* 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (snort3-browser-firefox.rules)
* 1:46905 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (snort3-indicator-compromise.rules)
* 1:46894 <-> ENABLED <-> MALWARE-CNC Vbs.Worm.SysinfY2X outbound beacon (snort3-malware-cnc.rules)
* 1:46895 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nocturnal outbound connection (snort3-malware-cnc.rules)
* 1:46896 <-> DISABLED <-> SERVER-WEBAPP Joomla component GeoContent typename parameter cross site scripting attempt (snort3-server-webapp.rules)
* 1:46916 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (snort3-file-multimedia.rules)
* 1:46908 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (snort3-indicator-compromise.rules)
* 1:46909 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (snort3-indicator-compromise.rules)
* 1:46919 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (snort3-file-flash.rules)
* 1:46910 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (snort3-indicator-compromise.rules)
* 1:46886 <-> DISABLED <-> SERVER-WEBAPP Quest KACE Systems Management Appliance ajax_email_connection_test.php command injection attempt (snort3-server-webapp.rules)
* 1:46915 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (snort3-file-multimedia.rules)
* 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (snort3-browser-firefox.rules)
* 1:46904 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (snort3-indicator-compromise.rules)
* 1:46907 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (snort3-indicator-compromise.rules)
* 1:46918 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (snort3-file-flash.rules)

* 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (snort3-file-flash.rules)
* 1:11324 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX function call access (snort3-browser-plugins.rules)
* 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (snort3-file-flash.rules)
* 1:46611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload second stage download request (snort3-malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46906 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules)
* 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:46915 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
* 1:46916 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
* 1:46920 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46905 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules)
* 1:46884 <-> DISABLED <-> DELETED MALWARE-CNC Win.Trojan.Joanap variant outbound connection (deleted.rules)
* 1:46885 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Joanap variant outbound connection (malware-cnc.rules)
* 1:46918 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46903 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules)
* 1:46904 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules)
* 1:46896 <-> DISABLED <-> SERVER-WEBAPP Joomla component GeoContent typename parameter cross site scripting attempt (server-webapp.rules)
* 1:46919 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46898 <-> DISABLED <-> SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (server-webapp.rules)
* 1:46908 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules)
* 1:46909 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules)
* 1:46895 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nocturnal outbound connection (malware-cnc.rules)
* 1:46910 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules)
* 1:46907 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules)
* 1:46917 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46886 <-> DISABLED <-> SERVER-WEBAPP Quest KACE Systems Management Appliance ajax_email_connection_test.php command injection attempt (server-webapp.rules)
* 1:46894 <-> ENABLED <-> MALWARE-CNC Vbs.Worm.SysinfY2X outbound beacon (malware-cnc.rules)
* 3:46887 <-> ENABLED <-> SERVER-WEBAPP Cisco Network Services Orchestrator arbitrary command execution attempt (server-webapp.rules)
* 3:46888 <-> ENABLED <-> SERVER-WEBAPP Cisco Network Services Orchestrator arbitrary command execution attempt (server-webapp.rules)
* 3:46889 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46890 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46891 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46892 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46893 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning Java remote method invocation attempt (server-other.rules)
* 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)
* 3:46899 <-> ENABLED <-> POLICY-OTHER Cisco Prime Collaboration Provisioning access control group modification request detected (policy-other.rules)
* 3:46900 <-> ENABLED <-> BROWSER-OTHER invalid final chunk size evasion attempt (browser-other.rules)
* 3:46901 <-> ENABLED <-> BROWSER-OTHER http chunked transfer encoding flowbit attempt (browser-other.rules)
* 3:46902 <-> ENABLED <-> BROWSER-OTHER invalid final chunk size evasion attempt (browser-other.rules)
* 3:46911 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning potentially unauthenticated administrator password change attempt (server-webapp.rules)
* 3:46914 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning password recovery field reuse attempt (server-webapp.rules)

* 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
* 1:11324 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX function call access (browser-plugins.rules)
* 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
* 1:46611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload second stage download request (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:46903 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules)
* 1:46898 <-> DISABLED <-> SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (server-webapp.rules)
* 1:46896 <-> DISABLED <-> SERVER-WEBAPP Joomla component GeoContent typename parameter cross site scripting attempt (server-webapp.rules)
* 1:46895 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nocturnal outbound connection (malware-cnc.rules)
* 1:46894 <-> ENABLED <-> MALWARE-CNC Vbs.Worm.SysinfY2X outbound beacon (malware-cnc.rules)
* 1:46886 <-> DISABLED <-> SERVER-WEBAPP Quest KACE Systems Management Appliance ajax_email_connection_test.php command injection attempt (server-webapp.rules)
* 1:46885 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Joanap variant outbound connection (malware-cnc.rules)
* 1:46884 <-> DISABLED <-> DELETED MALWARE-CNC Win.Trojan.Joanap variant outbound connection (deleted.rules)
* 1:46920 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46919 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46918 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46917 <-> ENABLED <-> FILE-FLASH Adobe Flash Player out of bounds write attempt (file-flash.rules)
* 1:46916 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
* 1:46915 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player abc file parts heap integer overflow attempt (file-multimedia.rules)
* 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:46910 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules)
* 1:46909 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows Interrupt Service Routine stack rollback attempt (indicator-compromise.rules)
* 1:46908 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules)
* 1:46907 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows processor modification return to user-mode attempt (indicator-compromise.rules)
* 1:46906 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules)
* 1:46905 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows malicious CONTEXT structure creation attempt (indicator-compromise.rules)
* 1:46904 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Windows SYSTEM token stealing attempt (indicator-compromise.rules)
* 3:46891 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46892 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46889 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46890 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning SQL injection attempt (server-webapp.rules)
* 3:46887 <-> ENABLED <-> SERVER-WEBAPP Cisco Network Services Orchestrator arbitrary command execution attempt (server-webapp.rules)
* 3:46888 <-> ENABLED <-> SERVER-WEBAPP Cisco Network Services Orchestrator arbitrary command execution attempt (server-webapp.rules)
* 3:46911 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning potentially unauthenticated administrator password change attempt (server-webapp.rules)
* 3:46914 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Collaboration Provisioning password recovery field reuse attempt (server-webapp.rules)
* 3:46901 <-> ENABLED <-> BROWSER-OTHER http chunked transfer encoding flowbit attempt (browser-other.rules)
* 3:46902 <-> ENABLED <-> BROWSER-OTHER invalid final chunk size evasion attempt (browser-other.rules)
* 3:46899 <-> ENABLED <-> POLICY-OTHER Cisco Prime Collaboration Provisioning access control group modification request detected (policy-other.rules)
* 3:46900 <-> ENABLED <-> BROWSER-OTHER invalid final chunk size evasion attempt (browser-other.rules)
* 3:46893 <-> ENABLED <-> SERVER-OTHER Cisco Prime Collaboration Provisioning Java remote method invocation attempt (server-other.rules)
* 3:46897 <-> ENABLED <-> SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (server-webapp.rules)

* 1:46261 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)
* 1:46611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload second stage download request (malware-cnc.rules)
* 1:11324 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX function call access (browser-plugins.rules)
* 1:46260 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed DefineSound tag heap overflow attempt (file-flash.rules)