Talos has added and modified multiple rules in the exploit-kit, file-flash, file-identify, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, malware-backdoor, malware-cnc, malware-other, netbios, os-linux, os-mobile, os-other, os-windows, policy-other, protocol-dns, protocol-ftp, protocol-icmp, protocol-imap, protocol-rpc, protocol-scada, protocol-services, protocol-snmp, protocol-tftp, protocol-voip, pua-adware, pua-toolbars, server-apache, server-iis, server-mail, server-mssql, server-mysql, server-oracle, server-other and sql rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47831 <-> DISABLED <-> SERVER-WEBAPP phpmyadmin post-authentication local file inclusion attempt (server-webapp.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47814 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet directory traversal attempt (server-webapp.rules)
* 1:47832 <-> DISABLED <-> SERVER-WEBAPP WordPress Responsive Thumbnail Slider arbitrary PHP file upload attempt (server-webapp.rules)
* 1:47850 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SystemCollector privilege escalation attempt (os-windows.rules)
* 1:47824 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47843 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Adwind variant outbound connection (malware-cnc.rules)
* 1:47812 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47825 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules)
* 1:47827 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
* 1:47816 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor LicenseServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
* 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
* 1:47829 <-> ENABLED <-> SERVER-OTHER JBoss Richfaces expression language injection attempt (server-other.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47813 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet directory traversal attempt (server-webapp.rules)
* 1:47837 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (malware-cnc.rules)
* 1:47823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules)
* 1:47835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (malware-cnc.rules)
* 1:47826 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules)
* 1:47822 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan outbound attempt (malware-cnc.rules)
* 1:47819 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (server-webapp.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47836 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (malware-cnc.rules)
* 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
* 1:47828 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
* 1:47815 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor LicenseServlet directory traversal attempt (server-webapp.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47851 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SystemCollector privilege escalation attempt (os-windows.rules)
* 1:47817 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (server-webapp.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:47818 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (server-webapp.rules)
* 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
* 3:47840 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0680 attack attempt (file-other.rules)
* 3:47842 <-> ENABLED <-> PROTOCOL-DNS TRUFFLEHUNTER TALOS-2018-0681 attack attempt (protocol-dns.rules)
* 3:47841 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0680 attack attempt (file-other.rules)
* 1:47744 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup CustomerPortalService.pm command injection attempt (server-webapp.rules)
* 1:46642 <-> ENABLED <-> MALWARE-CNC Win.Worm.Brontok user-agent outbound connection (malware-cnc.rules)
* 1:34160 <-> DISABLED <-> SERVER-OTHER Oracle Outside In Paradox database denial of service attempt (server-other.rules)
* 1:46641 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Worm.Brontok outbound HTTP request attempt (indicator-compromise.rules)
* 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules)
* 1:494 <-> DISABLED <-> INDICATOR-COMPROMISE command completed (indicator-compromise.rules)
* 1:47033 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules)
* 1:47032 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules)
* 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules)
* 1:33005 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules)
* 1:46640 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Worm.Brontok outbound HTTP request attempt (indicator-compromise.rules)
* 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:33597 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules)
* 1:34139 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks configuration management file upload directory traversal attempt (server-other.rules)
* 1:32403 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
* 1:33076 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules)
* 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
* 1:32887 <-> DISABLED <-> SERVER-WEBAPP ActualScripts ActualAnalyzer aa.php command injection attempt (server-webapp.rules)
* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules)
* 1:32350 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules)
* 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
* 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
* 1:34633 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
* 1:38273 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
* 1:33632 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules)
* 1:31764 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules)
* 1:37856 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules)
* 1:37831 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:34604 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (server-webapp.rules)
* 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
* 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:32527 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts directory traversal attempt (server-webapp.rules)
* 1:38190 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:35701 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules)
* 1:35535 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
* 1:32381 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
* 1:33075 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules)
* 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:37937 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:33615 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
* 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
* 1:33277 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:32964 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37942 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules)
* 1:32346 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules)
* 1:33087 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
* 1:34569 <-> DISABLED <-> SERVER-WEBAPP Wordpress Creative Contact Form arbitrary PHP file upload attempt (server-webapp.rules)
* 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
* 1:38229 <-> DISABLED <-> SERVER-WEBAPP Wordpress Simple Ads Manager sam-ajax-admin.php directory traversal attempt (server-webapp.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:34603 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:31882 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
* 1:36530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
* 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:34485 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:31765 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules)
* 1:36854 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules)
* 1:32744 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer DisplayChartPDF directory traversal attempt (server-webapp.rules)
* 1:34805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules)
* 1:35077 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
* 1:33036 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:36823 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server buffer overflow attempt (server-other.rules)
* 1:35016 <-> ENABLED <-> SERVER-WEBAPP Centreon cmdGetExample.php SQL injection attempt (server-webapp.rules)
* 1:35443 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:37665 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:34804 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:35940 <-> DISABLED <-> SERVER-WEBAPP PHP phar_parse_tarfile method integer overflow attempt (server-webapp.rules)
* 1:38898 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (file-other.rules)
* 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:32886 <-> DISABLED <-> SERVER-WEBAPP Enalean Tuleap PHP unserialize code execution attempt (server-webapp.rules)
* 1:36855 <-> ENABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules)
* 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules)
* 1:34845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:33832 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS getAlias.php command injection attempt (server-webapp.rules)
* 1:33895 <-> DISABLED <-> SERVER-WEBAPP TWiki debugenableplugins arbitrary perl code injection attempt (server-webapp.rules)
* 1:33676 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway restore.php command injection attempt (server-webapp.rules)
* 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
* 1:33007 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules)
* 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:32530 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
* 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
* 1:32968 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (server-webapp.rules)
* 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:36885 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:34939 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:32044 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules)
* 1:33010 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules)
* 1:34482 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:31747 <-> DISABLED <-> SERVER-WEBAPP Gitlab ssh key upload command injection attempt (server-webapp.rules)
* 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32563 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts arbitrary file upload attempt (server-webapp.rules)
* 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
* 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:34376 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules)
* 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
* 1:32351 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:37855 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules)
* 1:34487 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:36025 <-> DISABLED <-> SERVER-OTHER Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt (server-other.rules)
* 1:32342 <-> ENABLED <-> SERVER-OTHER AlienVault OSSIM framework backup_restore action command injection attempt (server-other.rules)
* 1:36901 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (server-webapp.rules)
* 1:34351 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:43675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules)
* 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (protocol-snmp.rules)
* 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules)
* 1:37134 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
* 1:31879 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
* 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32528 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts directory traversal attempt (server-webapp.rules)
* 1:38274 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
* 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:33446 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (server-webapp.rules)
* 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
* 1:37941 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:32014 <-> DISABLED <-> SERVER-WEBAPP GetSimpleCMS arbitrary PHP code execution attempt (server-webapp.rules)
* 1:31852 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 64 bit WEP key enumeration attempt (protocol-snmp.rules)
* 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules)
* 1:35279 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
* 1:32962 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:35533 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
* 1:34942 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:32059 <-> ENABLED <-> PROTOCOL-SCADA KingSCADA Alarm Server stack buffer overflow attempt (protocol-scada.rules)
* 1:34373 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules)
* 1:33812 <-> ENABLED <-> SERVER-WEBAPP Seagate NAS remote code execution attempt (server-webapp.rules)
* 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:33034 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:34184 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense services_unbound_acls cross site scripting attempt (server-webapp.rules)
* 1:32975 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules)
* 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:39391 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules)
* 1:34634 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
* 1:33279 <-> DISABLED <-> SERVER-WEBAPP McAfee ePolicy Orchestrator XML external entity injection attempt (server-webapp.rules)
* 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules)
* 1:32057 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules)
* 1:31729 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Password Manager MetadataServlet SQL injection attempt (server-webapp.rules)
* 1:35017 <-> ENABLED <-> SERVER-WEBAPP Centreon makeXML_ListMetrics.php SQL injection attempt (server-webapp.rules)
* 1:34284 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense firewall_rules cross site scripting attempt (server-webapp.rules)
* 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35372 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:34361 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (server-webapp.rules)
* 1:34495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:33011 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules)
* 1:32628 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
* 1:35399 <-> DISABLED <-> SERVER-WEBAPP WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt (server-webapp.rules)
* 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
* 1:36191 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:37938 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31986 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules)
* 1:32745 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer information disclosure attempt (server-webapp.rules)
* 1:34943 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
* 1:35014 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXMLTrapsForVendor.php SQL injection attempt (server-webapp.rules)
* 1:35429 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
* 1:43674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:32276 <-> DISABLED <-> SERVER-WEBAPP WordPress Infusionsoft Gravity Forms Plugin arbitrary code execution attempt (server-webapp.rules)
* 1:33033 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
* 1:35374 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:34525 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
* 1:37832 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:36613 <-> DISABLED <-> SERVER-WEBAPP McAfee Cloud Single Sign ExtensionAccessServlet directory traversal attempt (server-webapp.rules)
* 1:32323 <-> DISABLED <-> SERVER-WEBAPP WordPress Custom Contact Forms plugin SQL export attempt (server-webapp.rules)
* 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:34635 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:32324 <-> DISABLED <-> SERVER-WEBAPP WordPress Custom Contact Forms plugin arbitrary SQL execution attempt (server-webapp.rules)
* 1:33040 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:31823 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM remote_task command injection attempt (server-webapp.rules)
* 1:38965 <-> DISABLED <-> SERVER-WEBAPP VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:33598 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules)
* 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:34484 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
* 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules)
* 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:34159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules)
* 1:35033 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite remote file include attempt (server-webapp.rules)
* 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:32582 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules)
* 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules)
* 1:34486 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:34349 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
* 1:34167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:34526 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35094 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules)
* 1:37854 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules)
* 1:32232 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:34619 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:36192 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules)
* 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules)
* 1:36900 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (server-webapp.rules)
* 1:34806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:38266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules)
* 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
* 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:34426 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
* 1:32076 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules)
* 1:35442 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:34938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:36562 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
* 1:32739 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
* 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:32961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
* 1:37242 <-> ENABLED <-> SERVER-WEBAPP D-Link DCS-900 Series Network Camera arbitrary file upload attempt (server-webapp.rules)
* 1:31878 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
* 1:34798 <-> DISABLED <-> SERVER-OTHER HP LoadRunner launcher.dll stack buffer overflow attempt (server-other.rules)
* 1:37939 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:37934 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (protocol-ftp.rules)
* 1:34493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules)
* 1:38012 <-> DISABLED <-> SERVER-WEBAPP Alienvault OSSIM graph_geoloc.php SQL injection attempt (server-webapp.rules)
* 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
* 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules)
* 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:35280 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
* 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:31819 <-> DISABLED <-> SERVER-WEBAPP HP Network Virtualization toServerObject directory traversal attempt (server-webapp.rules)
* 1:34358 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL SonicOS macIpSpoofView cross site scripting attempt (server-webapp.rules)
* 1:31743 <-> DISABLED <-> SERVER-WEBAPP Wordpress WPTouch file upload remote code execution attempt (server-webapp.rules)
* 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (protocol-snmp.rules)
* 1:35000 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules)
* 1:33029 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:37690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
* 1:34364 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:3519 <-> DISABLED <-> SERVER-MYSQL MaxDB WebSQL wppassword buffer overflow default port (server-mysql.rules)
* 1:34577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:31818 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral statusUpdate servlet directory traversal attempt (server-webapp.rules)
* 1:3518 <-> DISABLED <-> SERVER-MYSQL MaxDB WebSQL wppassword buffer overflow (server-mysql.rules)
* 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules)
* 1:35440 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:31853 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A WPA key enumeration attempt (protocol-snmp.rules)
* 1:33938 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS send_test_email command injection attempt (server-webapp.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:36507 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:34106 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt
(server-webapp.rules) * 1:35532 <-> DISABLED <-> SERVER-WEBAPP Apache HTTP server mod_cache denial of service attempt (server-webapp.rules) * 1:34375 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:33009 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules) * 1:32234 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:33074 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules) * 1:36527 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:34606 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (server-webapp.rules) * 1:34799 <-> ENABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (server-webapp.rules) * 1:34492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:35702 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules) * 1:37148 <-> DISABLED <-> SERVER-WEBAPP WordPress Gallery Objects Plugin viewid SQL injection attempt (server-webapp.rules) * 1:35365 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:38267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules) * 
1:37857 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules) * 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules) * 1:33442 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:34359 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (server-webapp.rules) * 1:32963 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:32971 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules) * 1:36596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:35417 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules) * 1:33917 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (server-webapp.rules) * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:35364 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:37362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:35531 <-> DISABLED <-> SERVER-WEBAPP Apache HTTP server mod_cache denial of service attempt (server-webapp.rules) * 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules) * 1:34605 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (server-webapp.rules) * 1:31838 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules) * 1:34471 <-> ENABLED <-> SERVER-WEBAPP Symantec Critical System Protection 
directory traversal attempt (server-webapp.rules) * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules) * 1:31945 <-> DISABLED <-> SERVER-WEBAPP PhpWiki Ploticus plugin command injection attempt (server-webapp.rules) * 1:35944 <-> ENABLED <-> SERVER-MAIL IBM Domino BMP color palette stack buffer overflow attempt (server-mail.rules) * 1:32738 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:33197 <-> DISABLED <-> SERVER-OTHER BMC Track-It FileStorageService directory traversal attempt (server-other.rules) * 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:37803 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:31881 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:37097 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules) * 1:37664 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:34524 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules) * 1:38191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (protocol-snmp.rules) * 1:34940 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:32199 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data 
Protector CRS opcode 305 directory traversal attempt (server-other.rules) * 1:35541 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules) * 1:31851 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:35253 <-> DISABLED <-> SERVER-OTHER LibreOffice Impress socket manager Use After Free attempt (server-other.rules) * 1:45399 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (file-other.rules) * 1:32969 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (server-webapp.rules) * 1:34300 <-> ENABLED <-> SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (server-webapp.rules) * 1:34000 <-> DISABLED <-> SERVER-WEBAPP Berta Content Management System PHP code execution attempt (server-webapp.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:35704 <-> DISABLED <-> SERVER-WEBAPP Maarch LetterBox arbitrary PHP file upload attempt (server-webapp.rules) * 1:33915 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (server-webapp.rules) * 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules) * 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (file-other.rules) * 1:34472 <-> DISABLED <-> SERVER-WEBAPP Symantec Critical System Protection SQL injection attempt (server-webapp.rules) * 1:34914 <-> DISABLED <-> FILE-OTHER 
Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules) * 1:33447 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (server-webapp.rules) * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:34169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules) * 1:34157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules) * 1:32233 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:33038 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules) * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:33032 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33665 <-> ENABLED <-> SERVER-OTHER HP Client Automation command injection attempt (server-other.rules) * 1:36886 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:34285 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense firewall_shaper cross site scripting attempt (server-webapp.rules) * 1:34483 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules) * 1:33581 <-> DISABLED <-> SERVER-WEBAPP nginx URI processing security bypass attempt (server-webapp.rules) * 1:34360 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal 
attempt (server-webapp.rules) * 1:32901 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (file-other.rules) * 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:33894 <-> DISABLED <-> SERVER-WEBAPP TWiki debugenableplugins arbitrary perl code injection attempt (server-webapp.rules) * 1:33037 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33652 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (server-webapp.rules) * 1:35367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:32337 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:33659 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules) * 1:34158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules) * 1:33890 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules) * 1:34352 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:33006 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:35427 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules) * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules) * 1:34941 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:33573 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products FailOverHelperServlet information disclosure attempt (server-webapp.rules) * 1:33008 <-> 
DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33651 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (server-webapp.rules) * 1:32970 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (server-webapp.rules) * 1:36529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:34353 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:33039 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:35048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33599 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules) * 1:32109 <-> DISABLED <-> SERVER-WEBAPP Easy File Management stack buffer overflow attempt (server-webapp.rules) * 1:36261 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules) * 1:36544 <-> DISABLED <-> SERVER-WEBAPP pChart script parameter directory traversal attempt (server-webapp.rules) * 1:33031 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:36510 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules) * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules) * 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules) * 1:38272 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:36528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR 
type confusion remote code execution attempt (file-flash.rules) * 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules) * 1:31880 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:35281 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules) * 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules) * 1:31745 <-> DISABLED <-> SERVER-WEBAPP vTiger CRM install module command injection attempt (server-webapp.rules) * 1:32352 <-> ENABLED <-> SERVER-WEBAPP Centreon displayServiceStatus.php command injection attempt (server-webapp.rules) * 1:35375 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules) * 1:33035 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:31890 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules) * 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:32902 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ 
display designer stack buffer overflow attempt (file-other.rules) * 1:37133 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules) * 1:34552 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:34527 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules) * 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:33937 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules) * 1:34215 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense diag_logs_filter cross site scripting attempt (server-webapp.rules) * 1:34374 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:33658 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules) * 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:38189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules) * 1:35366 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:32601 <-> DISABLED <-> SERVER-OTHER Hikvision DVR RTSP request buffer overflow attempt (server-other.rules) * 1:34168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules) * 1:33896 <-> DISABLED <-> SERVER-WEBAPP OpenNMS XML external entity injection attempt (server-webapp.rules) * 1:37830 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:35079 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager 
getMGList groupId SQL injection attempt (server-webapp.rules) * 1:34602 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules) * 1:36564 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:33448 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (server-webapp.rules) * 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:36565 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules) * 1:33514 <-> DISABLED <-> SERVER-WEBAPP WordPress Photo Gallery PHP code execution attempt (server-webapp.rules) * 1:31987 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:33653 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (server-webapp.rules) * 1:35032 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite remote file include attempt (server-webapp.rules) * 1:32753 <-> ENABLED <-> SERVER-WEBAPP FreePBX Framework Asterisk recording interface PHP unserialize code execution attempt (server-webapp.rules) * 1:34104 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules) * 1:33936 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules) * 1:35049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) 
* 1:34350 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37098 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules)
* 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:32235 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:35441 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:32371 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
* 1:36059 <-> DISABLED <-> SERVER-WEBAPP PHP CDF file handling infinite loop dos attempt (server-webapp.rules)
* 1:31889 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules)
* 1:35078 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
* 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:36508 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:34363 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management GetStoredResult.class SQL injection attempt (server-webapp.rules)
* 1:35373 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:36614 <-> DISABLED <-> SERVER-WEBAPP McAfee Cloud Single Sign ExtensionAccessServlet directory traversal attempt (server-webapp.rules)
* 1:34185 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense status_captiveportal cross site scripting attempt (server-webapp.rules)
* 1:32084 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
* 1:33113 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory IMONITOR cross site scripting attempt (server-webapp.rules)
* 1:36902 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (server-webapp.rules)
* 1:34579 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:33934 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin directory traversal attempt (server-webapp.rules)
* 1:32581 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules)
* 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
* 1:37099 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules)
* 1:35560 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules)
* 1:32620 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules)
* 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:34481 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:37096 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules)
* 1:31877 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
* 1:33278 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:37363 <-> DISABLED <-> SERVER-OTHER Java Library SpringFramework unauthorized serialized object attempt (server-other.rules)
* 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
* 1:34427 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
* 1:33012 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules)
* 1:34803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
* 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:33441 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules)
* 1:37940 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31798 <-> DISABLED <-> SERVER-WEBAPP HP Network Virtualization storedNtxFile directory traversal attempt (server-webapp.rules)
* 1:33574 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products FailOverHelperServlet information disclosure attempt (server-webapp.rules)
* 1:34580 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:35534 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
* 1:34156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules)
* 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules)
* 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
* 1:32742 <-> ENABLED <-> SERVER-WEBAPP Arris VAP2500 tools_command.php command execution attempt (server-webapp.rules)
* 1:35428 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
* 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
* 1:34056 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:33114 <-> DISABLED <-> SERVER-WEBAPP HP System Management Homepage cross site scripting attempt (server-webapp.rules)
* 1:32974 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules)
* 1:34488 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:31956 <-> DISABLED <-> SERVER-WEBAPP Rejetto HttpFileServer command injection attempt (server-webapp.rules)
* 1:33935 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin privilege escalation attempt (server-webapp.rules)
* 1:34620 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:32885 <-> DISABLED <-> SERVER-WEBAPP Enalean Tuleap PHP unserialize code execution attempt (server-webapp.rules)
* 1:36563 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
* 1:36262 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules)
* 1:31731 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway dbutils.php SQL injection attempt (server-webapp.rules)
* 1:37833 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:36509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:33041 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
* 1:37943 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
* 1:37828 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:38897 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (file-other.rules)
* 1:34166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:38192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules)
* 1:33657 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
* 1:33916 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (server-webapp.rules)
* 1:33276 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:31892 <-> DISABLED <-> SERVER-WEBAPP HybridAuth install.php code injection attempt (server-webapp.rules)
* 1:32619 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules)
* 1:31912 <-> DISABLED <-> SERVER-WEBAPP cPanel 9.01 multiple URI parameters cross site scripting attempt (server-webapp.rules)
* 1:34578 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:33030 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules)
* 1:34621 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:34494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:36197 <-> DISABLED <-> SERVER-WEBAPP nginx SMTP proxy STARTTLS plaintext command injection attempt (server-webapp.rules)
* 1:34999 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules)
* 1:34055 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:33813 <-> DISABLED <-> SERVER-WEBAPP Eclipse Foundation Jetty HttpParser information disclosure attempt (server-webapp.rules)
* 1:32377 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (file-office.rules)
* 1:35015 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXmlTree.php SQL injection attempt (server-webapp.rules)
* 1:33853 <-> DISABLED <-> SERVER-WEBAPP D-Link multiple products ping.ccp command injection attempt (server-webapp.rules)
* 1:33440 <-> DISABLED <-> SERVER-WEBAPP WordPress EasyCart PHP code execution attempt (server-webapp.rules)
* 1:33889 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules)
* 1:35418 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules)
* 1:38351 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules)
* 1:34105 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
* 1:37829 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:32085 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
* 1:31728 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central LinkViewFetchServlet SQL injection attempt (server-webapp.rules)
* 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules)
* 1:31697 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31730 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway dbutils.php SQL injection attempt (server-webapp.rules)
* 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:1209 <-> DISABLED <-> SERVER-WEBAPP .nsconfig access (server-webapp.rules)
* 1:12286 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules)
* 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules)
* 1:12746 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules)
* 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:13293 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules)
* 1:13487 <-> DISABLED <-> PUA-ADWARE Adware elite protector runtime detection (pua-adware.rules)
* 1:13816 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules)
* 1:13817 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules)
* 1:13818 <-> DISABLED <-> SERVER-WEBAPP PHP alternate xmlrpc.php command injection attempt (server-webapp.rules)
* 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a 
runtime detection - popup ads (malware-other.rules) * 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (malware-other.rules) * 1:13902 <-> DISABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (server-other.rules) * 1:13916 <-> DISABLED <-> SERVER-WEBAPP Alt-N SecurityGateway username buffer overflow attempt (server-webapp.rules) * 1:13925 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt (protocol-ftp.rules) * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules) * 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (pua-adware.rules) * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules) * 1:14230 <-> DISABLED <-> SERVER-WEBAPP SAP DB web server stack buffer overflow attempt (server-webapp.rules) * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA Multiple Schneider Electric SCADA products buffer overflow attempt (protocol-scada.rules) * 1:14607 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules) * 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules) * 1:1478 <-> DISABLED <-> SERVER-WEBAPP Simple Web Counter URI Parameter Buffer Overflow attempt (server-webapp.rules) * 1:1485 <-> DISABLED <-> SERVER-IIS mkilog.exe access (server-iis.rules) * 1:15472 <-> DISABLED <-> FILE-MULTIMEDIA Multiple MP3 player PLS buffer overflow attempt (file-multimedia.rules) * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer 
overflow attempt (protocol-imap.rules) * 1:15562 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:15896 <-> DISABLED <-> SERVER-OTHER Firebird SQL op_connect_request denial of service attempt (server-other.rules) * 1:15939 <-> DISABLED <-> SERVER-OTHER MSN Messenger IRC bot calling home attempt (server-other.rules) * 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:16098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.cekar variant outbound connection (malware-cnc.rules) * 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads (malware-other.rules) * 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (malware-cnc.rules) * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules) * 1:16231 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:16271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.1.Gen keepalive detection (malware-cnc.rules) * 1:16365 <-> DISABLED <-> PUA-ADWARE OnlineGames download attempt (pua-adware.rules) * 1:16366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:16494 <-> DISABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (pua-adware.rules) * 1:16498 <-> DISABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (pua-adware.rules) * 1:16598 <-> DISABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (server-other.rules) * 1:16606 <-> DISABLED <-> SERVER-ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt 
(server-oracle.rules) * 1:16636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework XMLDsig data tampering attempt (os-windows.rules) * 1:16638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules) * 1:16665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Help Centre escape sequence XSS attempt (os-windows.rules) * 1:16688 <-> DISABLED <-> SERVER-OTHER iscsi target format string code execution attempt (server-other.rules) * 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (server-other.rules) * 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules) * 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (file-other.rules) * 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (file-other.rules) * 1:16727 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:16731 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16732 <-> DISABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (file-other.rules) * 1:16733 <-> DISABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (file-other.rules) * 1:16736 <-> DISABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (file-other.rules) * 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (file-multimedia.rules) * 1:16738 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (file-multimedia.rules) * 1:16751 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16752 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection 
buffer overflow attempt (file-multimedia.rules) * 1:16753 <-> DISABLED <-> SERVER-WEBAPP VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (server-webapp.rules) * 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules) * 1:17103 <-> DISABLED <-> SERVER-IIS IIS 5.1 alternate data stream authentication bypass attempt (server-iis.rules) * 1:17139 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System HNDLRSVC arbitrary command execution attempt (server-other.rules) * 1:17155 <-> DISABLED <-> SERVER-OTHER Multiple vendors OPIE off-by-one stack buffer overflow attempt (server-other.rules) * 1:17234 <-> ENABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules) * 1:17235 <-> ENABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules) * 1:17238 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XBM file handling buffer overflow attempt (file-other.rules) * 1:17250 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules) * 1:17256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows uniscribe fonts parsing memory corruption attempt (os-windows.rules) * 1:17301 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:17373 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules) * 1:17440 <-> DISABLED <-> SERVER-IIS RSA authentication agent for web redirect buffer overflow attempt (server-iis.rules) * 1:17505 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:17506 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption 
attempt (file-office.rules) * 1:17507 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:17560 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules) * 1:17805 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Neeris.BF variant outbound connection (malware-cnc.rules) * 1:18102 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules) * 1:18222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:18247 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules) * 1:18279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karagany.A variant outbound connection (malware-cnc.rules) * 1:18281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.njz variant outbound connection (malware-cnc.rules) * 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules) * 1:18448 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:18451 <-> 
DISABLED <-> FILE-PDF Adobe Acrobat ICC color integer overflow attempt (file-pdf.rules) * 1:18453 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:18457 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules) * 1:18478 <-> DISABLED <-> SERVER-WEBAPP miniBB rss.php premodDir remote file include attempt (server-webapp.rules) * 1:18479 <-> DISABLED <-> SERVER-WEBAPP miniBB rss.php pathToFiles remote file include attempt (server-webapp.rules) * 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules) * 1:18489 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules) * 1:18506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18507 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18511 <-> DISABLED <-> SERVER-OTHER Sourcefire Snort packet fragmentation reassembly denial of service attempt (server-other.rules) * 1:18524 <-> DISABLED <-> SERVER-OTHER Multiple vendor anti-virus extended ASCII filename scan bypass attempt (server-other.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18529 <-> DISABLED <-> FILE-OTHER Adobe Premiere Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18530 <-> DISABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18531 <-> DISABLED <-> SERVER-OTHER Multiple Vendors iacenc.dll dll-load exploit attempt (server-other.rules) * 1:18532 <-> DISABLED <-> OS-WINDOWS Multiple Vendors iacenc.dll dll-load exploit attempt 
(os-windows.rules) * 1:18535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (file-office.rules) * 1:18562 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.LivePcCare variant outbound connection (malware-cnc.rules) * 1:18575 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (protocol-ftp.rules) * 1:18577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.agum variant outbound connection (malware-cnc.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules) * 1:18618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar.dpvy/Parkchicers.A/Delf checkin (malware-cnc.rules) * 1:18638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:18642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:18643 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules) * 1:18707 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ControlCenter variant outbound connection (malware-cnc.rules) * 1:18708 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AntivirusSoft variant outbound connection (malware-cnc.rules) * 1:18709 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.aufm variant outbound connection (malware-cnc.rules) * 1:18711 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.SecurityCentral variant outbound connection (malware-cnc.rules) * 1:18712 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.XJRAntivirus variant outbound connection (malware-cnc.rules) * 1:18715 <-> ENABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules) * 1:18716 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.H variant outbound connection (malware-cnc.rules) * 1:18717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.QO variant 
outbound connection (malware-cnc.rules) * 1:18718 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AdvancedDefender variant outbound connection (malware-cnc.rules) * 1:18719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.CBY variant outbound connection (malware-cnc.rules) * 1:18720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Terzib.A variant outbound connection (malware-cnc.rules) * 1:18723 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.CleanV variant outbound connection (malware-cnc.rules) * 1:18724 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ZeroClean variant outbound connection (malware-cnc.rules) * 1:18739 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Koobface.D variant outbound connection (malware-cnc.rules) * 1:18753 <-> DISABLED <-> SERVER-OTHER Zend Server Java Bridge remote code execution attempt (server-other.rules) * 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules) * 1:18808 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server List Mailer Reply-To address buffer overflow attempt (server-mail.rules) * 1:18934 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules) * 1:18936 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win.Trojan.FakeAV (malware-cnc.rules) * 1:18937 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win.Trojan.Krap (malware-cnc.rules) * 1:18939 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:18940 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Sality (malware-cnc.rules) * 1:18941 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - FakeAV (malware-cnc.rules) * 1:18942 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MacProtector 
(malware-cnc.rules) * 1:18943 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MacDefender (malware-cnc.rules) * 1:18945 <-> DISABLED <-> MALWARE-CNC Virus.Win32.Feberr variant outbound connection (malware-cnc.rules) * 1:18946 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBot.FC variant outbound connection (malware-cnc.rules) * 1:18947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.FC variant outbound connection (malware-cnc.rules) * 1:18952 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:18976 <-> DISABLED <-> MALWARE-CNC Rogue-Software.AVCare variant outbound connection (malware-cnc.rules) * 1:18977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy variant outbound connection (malware-cnc.rules) * 1:18978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pasta.aoq variant outbound connection (malware-cnc.rules) * 1:18980 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules) * 1:18981 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules) * 1:18982 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules) * 1:18984 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win32/Trojanclicker (malware-cnc.rules) * 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:19016 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19017 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19018 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19019 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules) * 1:19021 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Win32.FraudLoad.dzm variant outbound connection 
(malware-cnc.rules) * 1:19023 <-> DISABLED <-> MALWARE-CNC IRC.Zapchast.zwrc variant outbound connection (malware-cnc.rules) * 1:19024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.StartPage variant outbound connection (malware-cnc.rules) * 1:19025 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Banker.Win32.Bancos.etf variant outbound connection (malware-cnc.rules) * 1:19027 <-> DISABLED <-> MALWARE-CNC BrowserModifier.Win32.Kerlofost variant outbound connection (malware-cnc.rules) * 1:19028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mailbot variant outbound connection (malware-cnc.rules) * 1:19030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uloadis variant outbound connection (malware-cnc.rules) * 1:19031 <-> DISABLED <-> MALWARE-CNC iPRIVACY variant outbound connection (malware-cnc.rules) * 1:19032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cornfemo variant outbound connection (malware-cnc.rules) * 1:19033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cornfemo variant outbound connection (malware-cnc.rules) * 1:19035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vilsel.baqb variant outbound connection (malware-cnc.rules) * 1:19036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBrute.I variant outbound connection (malware-cnc.rules) * 1:19037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBrute.I variant outbound connection (malware-cnc.rules) * 1:19038 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules) * 1:19039 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Linkbot.alr variant outbound connection (malware-cnc.rules) * 1:19040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkbot.alr variant outbound connection (malware-cnc.rules) * 1:19041 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.C variant outbound connection (malware-cnc.rules) * 1:19042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.ACQE variant outbound connection (malware-cnc.rules) * 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (pua-adware.rules) * 1:19044 <-> DISABLED <-> 
PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (pua-adware.rules) * 1:19045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.XQ variant outbound connection (malware-cnc.rules) * 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (pua-adware.rules) * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules) * 1:19048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkness variant outbound connection (malware-cnc.rules) * 1:19050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.fxe variant outbound connection (malware-cnc.rules) * 1:19052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules) * 1:19053 <-> ENABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules) * 1:19054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisron.nelo variant outbound connection (malware-cnc.rules) * 1:19055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules) * 1:19056 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules) * 1:19057 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules) * 1:19058 <-> ENABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules) * 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (pua-adware.rules) * 1:19060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ponmocup.A variant outbound connection (malware-cnc.rules) * 1:19061 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Cashtitan contact to server attempt (pua-adware.rules) * 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer 
overflow attempt (server-webapp.rules) * 1:19164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules) * 1:19206 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:19225 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules) * 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (pua-adware.rules) * 1:19310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen3 variant outbound connection (malware-cnc.rules) * 1:19312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aah variant outbound connection (malware-cnc.rules) * 1:19328 <-> ENABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules) * 1:19329 <-> DISABLED <-> MALWARE-CNC Faceback.exe variant outbound connection (malware-cnc.rules) * 1:19330 <-> DISABLED <-> MALWARE-CNC Adclicker Win.Trojan.Zlob.dnz variant outbound connection (malware-cnc.rules) * 1:19331 <-> DISABLED <-> MALWARE-CNC Adclicker Win.Trojan.Zlob.dnz variant outbound connection (malware-cnc.rules) * 1:19332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clampi variant outbound connection (malware-cnc.rules) * 1:19339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules) * 1:19340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav TREAntivirus variant outbound connection (malware-cnc.rules) * 1:19341 <-> DISABLED <-> MALWARE-CNC Worm MSIL.AiO.a variant outbound connection (malware-cnc.rules) * 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules) * 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules) * 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules) * 1:19345 <-> DISABLED <-> MALWARE-CNC REAnti variant outbound connection (malware-cnc.rules) * 
1:19346 <-> DISABLED <-> MALWARE-CNC Additional Guard variant outbound connection (malware-cnc.rules) * 1:19348 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules) * 1:19349 <-> DISABLED <-> MALWARE-CNC Fakeav Vaccineclear variant outbound connection (malware-cnc.rules) * 1:19351 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules) * 1:19352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.D variant outbound connection (malware-cnc.rules) * 1:19353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules) * 1:19357 <-> ENABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules) * 1:19358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules) * 1:19359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules) * 1:19360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules) * 1:19361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules) * 1:19363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot.B variant outbound connection (malware-cnc.rules) * 1:19366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HXWAN.A variant outbound connection (malware-cnc.rules) * 1:19367 <-> DISABLED <-> MALWARE-CNC Win.Worm.Vaubeg.A variant outbound connection (malware-cnc.rules) * 1:19368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules) * 1:19371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.IC variant outbound connection (malware-cnc.rules) * 1:19372 <-> DISABLED <-> 
MALWARE-CNC User-Agent known malicious user-agent string javasw - Trojan.Banload (malware-cnc.rules)
* 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (pua-adware.rules)
* 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
* 1:19393 <-> DISABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
* 1:19394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tidserv variant outbound connection (malware-cnc.rules)
* 1:19395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Monkif.J inbound connection - dest ip infected (malware-cnc.rules)
* 1:19396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beastdoor.b variant outbound connection (malware-cnc.rules)
* 1:19397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UltimateDefender.xv variant outbound connection (malware-cnc.rules)
* 1:19398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BAT.Shutdown.ef variant outbound connection (malware-cnc.rules)
* 1:19399 <-> DISABLED <-> MALWARE-CNC Email Worm Win32.Zhelatin.ch variant outbound connection (malware-cnc.rules)
* 1:19400 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sddrop.D variant outbound connection (malware-cnc.rules)
* 1:19401 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sddrop.D variant outbound connection (malware-cnc.rules)
* 1:19402 <-> DISABLED <-> MALWARE-CNC P2P Worm.Win32.Malas.r variant outbound connection (malware-cnc.rules)
* 1:19404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ozdok variant outbound connection (malware-cnc.rules)
* 1:19426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Crypter.i variant outbound connection (malware-cnc.rules)
* 1:19427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.amjz variant outbound connection (malware-cnc.rules)
* 1:19428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Adload.BG variant outbound connection (malware-cnc.rules)
* 1:19429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
* 1:19433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fujacks.aw variant outbound connection (malware-cnc.rules)
* 1:19434 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrCode (malware-cnc.rules)
* 1:19435 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
* 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (pua-adware.rules)
* 1:19454 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWS.Win32.QQPass.IK variant outbound connection (malware-cnc.rules)
* 1:19456 <-> DISABLED <-> MALWARE-CNC Packed.Win32.Klone.bj variant outbound connection (malware-cnc.rules)
* 1:19457 <-> DISABLED <-> MALWARE-CNC Trojan-Clicker.Win32.Vesloruki.ajb variant outbound connection (malware-cnc.rules)
* 1:19458 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
* 1:19459 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
* 1:19476 <-> DISABLED <-> MALWARE-CNC Exploit.Win32.SqlShell.r variant outbound connection (malware-cnc.rules)
* 1:19477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap.af variant outbound connection (malware-cnc.rules)
* 1:19478 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Taterf.B variant outbound connection (malware-cnc.rules)
* 1:19479 <-> DISABLED <-> MALWARE-CNC Net-Worm.Win32.Piloyd.m variant outbound connection - request html (malware-cnc.rules)
* 1:19480 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
* 1:19481 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Agent.bx variant outbound connection (malware-cnc.rules)
* 1:19482 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
* 1:19483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reload.fy variant outbound connection (malware-cnc.rules)
* 1:19485 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RAV1 (malware-cnc.rules)
* 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (pua-adware.rules)
* 1:19487 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.kih variant outbound connection (malware-cnc.rules)
* 1:19488 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Failnum.A variant outbound connection (malware-cnc.rules)
* 1:19489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DeAlfa.fa variant outbound connection (malware-cnc.rules)
* 1:19490 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
* 1:19491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Genome.vau variant outbound connection (malware-cnc.rules)
* 1:19492 <-> DISABLED <-> MALWARE-CNC Windows System Defender variant outbound connection (malware-cnc.rules)
* 1:19493 <-> ENABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
* 1:19494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Licum variant outbound connection (malware-cnc.rules)
* 1:19495 <-> DISABLED <-> MALWARE-CNC Win.Worm.Pilleuz variant outbound connection (malware-cnc.rules)
* 1:19554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav Antivirus Xp Pro variant outbound connection (malware-cnc.rules)
* 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
* 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules)
* 1:19557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shark.ag variant outbound connection (malware-cnc.rules)
* 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules)
* 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules)
* 1:19568 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.PerfectKeylogger variant outbound connection (malware-cnc.rules)
* 1:19569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perkesh variant outbound connection (malware-cnc.rules)
* 1:19570 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ie 11.0 sp6 (malware-cnc.rules)
* 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (pua-adware.rules)
* 1:19572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FFSearch variant outbound connection (malware-cnc.rules)
* 1:19573 <-> DISABLED <-> MALWARE-CNC Win.Worm.Chiviper.C variant outbound connection (malware-cnc.rules)
* 1:19574 <-> DISABLED <-> MALWARE-CNC Win.Worm.Chiviper.C variant outbound connection (malware-cnc.rules)
* 1:19575 <-> DISABLED <-> MALWARE-CNC Win.Worm.Emold.U variant outbound connection (malware-cnc.rules)
* 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (pua-adware.rules)
* 1:19577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Dogrobot.E variant outbound connection (malware-cnc.rules)
* 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (pua-adware.rules)
* 1:19579 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
* 1:19580 <-> DISABLED <-> MALWARE-CNC Win.Worm.Basun.wsc inbound connection (malware-cnc.rules)
* 1:19581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Apher.gpd variant outbound connection (malware-cnc.rules)
* 1:19582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Apher.gpd variant outbound connection (malware-cnc.rules)
* 1:19583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bumat.rts variant outbound connection (malware-cnc.rules)
* 1:19584 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dref.C variant outbound connection (malware-cnc.rules)
* 1:19585 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dref.C variant outbound connection - notification (malware-cnc.rules)
* 1:19586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Agent.dlg variant outbound connection (malware-cnc.rules)
* 1:19587 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sereki.B variant outbound connection (malware-cnc.rules)
* 1:19588 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sereki.B successful connection (malware-cnc.rules)
* 1:19589 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
* 1:19590 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
* 1:19591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Powp.pyv variant outbound connection (malware-cnc.rules)
* 1:19592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:19593 <-> DISABLED <-> MALWARE-CNC Win.Worm.Agent.btxm variant outbound connection IRC (malware-cnc.rules)
* 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection (pua-adware.rules)
* 1:19595 <-> DISABLED <-> MALWARE-OTHER known malicious email string - You have received a Hallmark E-Card (malware-other.rules)
* 1:19596 <-> DISABLED <-> MALWARE-CNC Poison Ivy variant outbound connection (malware-cnc.rules)
* 1:19597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cws variant outbound connection (malware-cnc.rules)
* 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (pua-adware.rules)
* 1:19608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wisscmd.A variant outbound connection (malware-cnc.rules)
* 1:19611 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string INet - Win32.Virus.Jusabli.A (malware-cnc.rules)
* 1:19612 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.bvk variant outbound connection (malware-cnc.rules)
* 1:19613 <-> DISABLED <-> MALWARE-CNC Rogue Software Registry Cleaner Pro variant outbound connection (malware-cnc.rules)
* 1:19614 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBot.kkr variant outbound connection (malware-cnc.rules)
* 1:19615 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.kkr variant outbound connection (malware-cnc.rules)
* 1:19616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Win32.Banbra.mcq variant outbound connection (malware-cnc.rules)
* 1:19622 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
* 1:19623 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
* 1:19625 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
* 1:19626 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
* 1:19627 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
* 1:19628 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
* 1:19631 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
* 1:19632 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
* 1:19633 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
* 1:19635 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
* 1:19636 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
* 1:19637 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
* 1:19638 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
* 1:19652 <-> DISABLED <-> MALWARE-CNC Teevsock C variant outbound connection (malware-cnc.rules)
* 1:19654 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.wti variant outbound connection (malware-cnc.rules)
* 1:19655 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Agent.IK variant outbound connection (malware-cnc.rules)
* 1:19656 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Peace.lh variant outbound connection (malware-cnc.rules)
* 1:19657 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
* 1:19658 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
* 1:19659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soleseq.A variant outbound connection (malware-cnc.rules)
* 1:19660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riern.K variant outbound connection (malware-cnc.rules)
* 1:19695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.nec variant outbound connection (malware-cnc.rules)
* 1:19696 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot.nng inbound connection (malware-cnc.rules)
* 1:19697 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Win32.VB.btm variant outbound connection (malware-cnc.rules)
* 1:19698 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prosti.AG variant outbound connection (malware-cnc.rules)
* 1:19699 <-> DISABLED <-> MALWARE-CNC TrojanDownloader.Win32.Korklic.A variant outbound connection (malware-cnc.rules)
* 1:19700 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.tnr variant outbound connection (malware-cnc.rules)
* 1:19701 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hassar.A variant outbound connection (malware-cnc.rules)
* 1:19702 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
* 1:19703 <-> ENABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
* 1:19704 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
* 1:19705 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
* 1:19706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
* 1:19711 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:19712 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:19715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.URLZone variant outbound connection (malware-cnc.rules)
* 1:19716 <-> DISABLED <-> MALWARE-CNC TrojanSpy.Win32.Banker.OO variant outbound connection (malware-cnc.rules)
* 1:19717 <-> DISABLED <-> PUA-ADWARE Virus.Win32.Virut.ce outbound connection (pua-adware.rules)
* 1:19718 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.bkap variant outbound connection (malware-cnc.rules)
* 1:19719 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Bagle.of variant outbound connection (malware-cnc.rules)
* 1:19720 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Onestage.ws variant outbound connection (malware-cnc.rules)
* 1:19721 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.mlh variant outbound connection (malware-cnc.rules)
* 1:19722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
* 1:19723 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
* 1:19724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:19725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules)
* 1:19726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules)
* 1:19727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.DI variant outbound connection (malware-cnc.rules)
* 1:19728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yayih variant outbound connection (malware-cnc.rules)
* 1:19729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yayih variant outbound connection (malware-cnc.rules)
* 1:19730 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
* 1:19731 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
* 1:19732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
* 1:19733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.BRU variant outbound connection (malware-cnc.rules)
* 1:19739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Apptom variant outbound connection (malware-cnc.rules)
* 1:19740 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.aczu variant outbound connection (malware-cnc.rules)
* 1:19741 <-> DISABLED <-> MALWARE-OTHER PWS.Win32.Scofted keylogger runtime detection (malware-other.rules)
* 1:19742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.atff variant outbound connection (malware-cnc.rules)
* 1:19743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.eqlo variant outbound connection (malware-cnc.rules)
* 1:19744 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Deecee.a variant outbound connection (malware-cnc.rules)
* 1:19745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudLoad.dyl variant outbound connection (malware-cnc.rules)
* 1:19746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.biiw variant outbound connection (malware-cnc.rules)
* 1:19747 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.GGDoor.22 variant outbound connection (malware-backdoor.rules)
* 1:19748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.ULPM.Gen IRC variant outbound connection (malware-cnc.rules)
* 1:19749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.chgp variant outbound connection (malware-cnc.rules)
* 1:19750 <-> DISABLED <-> MALWARE-CNC PWS.Win32.Zbot.PJ variant outbound connection (malware-cnc.rules)
* 1:19751 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Sohanad.bm variant outbound connection (malware-cnc.rules)
* 1:19752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:19753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TrojanSpy.Win32.Zbot.gen.C variant outbound connection (malware-cnc.rules)
* 1:19754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Delf.RGL variant outbound connection (malware-cnc.rules)
* 1:19755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alphabet variant outbound connection (malware-cnc.rules)
* 1:19756 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
* 1:19757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.bqlu variant outbound connection (malware-cnc.rules)
* 1:19758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.yw variant outbound connection (malware-cnc.rules)
* 1:19759 <-> DISABLED <-> MALWARE-CNC Trojan-PSW.Win32.FireThief.h variant outbound connection (malware-cnc.rules)
* 1:19760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arsinfoder variant outbound connection (malware-cnc.rules)
* 1:19761 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules)
* 1:19762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (malware-cnc.rules)
* 1:19763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (malware-cnc.rules)
* 1:19764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (malware-cnc.rules)
* 1:19765 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:19766 <-> DISABLED <-> MALWARE-CNC Win.Worm.Autorun variant outbound connection (malware-cnc.rules)
* 1:19767 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules)
* 1:19769 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules)
* 1:19770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
* 1:19771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
* 1:19772 <-> ENABLED <-> MALWARE-CNC Virus.Win32.Parite.B variant outbound connection (malware-cnc.rules)
* 1:19773 <-> DISABLED <-> MALWARE-CNC Virus.Win32.Parite.B variant outbound connection (malware-cnc.rules)
* 1:19774 <-> DISABLED <-> MALWARE-CNC Gen-Trojan.Heur variant outbound connection (malware-cnc.rules)
* 1:19775 <-> DISABLED <-> PUA-ADWARE PWS.Win32.Ldpinch.gen outbound connection (pua-adware.rules)
* 1:19776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent2.guy dropper variant outbound connection (malware-cnc.rules)
* 1:19777 <-> DISABLED <-> PUA-ADWARE Fast Antivirus 2009 outbound connection (pua-adware.rules)
* 1:19781 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Agent.aqpn variant outbound connection (malware-cnc.rules)
* 1:19782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AVKill.bc variant outbound connection (malware-cnc.rules)
* 1:19783 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.agcw variant outbound connection (malware-cnc.rules)
* 1:19784 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.sde variant outbound connection (malware-cnc.rules)
* 1:19785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Malushka.T variant outbound connection (malware-cnc.rules)
* 1:19786 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla (malware-cnc.rules)
* 1:19787 <-> DISABLED <-> MALWARE-CNC Exploit-PDF.t variant outbound connection (malware-cnc.rules)
* 1:19788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.pnc variant outbound connection (malware-cnc.rules)
* 1:19789 <-> ENABLED <-> MALWARE-CNC P2P Worm Win.Trojan.SpyBot.pgh variant outbound connection (malware-cnc.rules)
* 1:19790 <-> DISABLED <-> MALWARE-CNC P2P Worm Win.Trojan.SpyBot.pgh variant outbound connection (malware-cnc.rules)
* 1:19791 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Small.awa variant outbound connection (malware-cnc.rules)
* 1:19792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Caxnet.A variant outbound connection (malware-cnc.rules)
* 1:19793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.SillyFDC-DS variant outbound connection (malware-cnc.rules)
* 1:19794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fnumbot variant outbound connection (malware-cnc.rules)
* 1:19795 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV NoAdware variant outbound connection (malware-cnc.rules)
* 1:19796 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DL.CashnJoy.A variant outbound connection (malware-cnc.rules)
* 1:19797 <-> DISABLED <-> MALWARE-CNC Safety Center variant outbound connection (malware-cnc.rules)
* 1:19798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent2.kxu variant outbound connection (malware-cnc.rules)
* 1:19799 <-> DISABLED <-> MALWARE-CNC PWS.Win32.Zbot.gen.Q variant outbound connection (malware-cnc.rules)
* 1:19800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pher.ij variant outbound connection (malware-cnc.rules)
* 1:19801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
* 1:19802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wixud.B variant outbound connection (malware-cnc.rules)
* 1:19803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos.FH variant outbound connection (malware-cnc.rules)
* 1:19804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.ktq variant outbound connection (malware-cnc.rules)
* 1:19805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smser.cx variant outbound connection (malware-cnc.rules)
* 1:19819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ertfor.A variant outbound connection (malware-cnc.rules)
* 1:19820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ertfor.A variant outbound connection (malware-cnc.rules)
* 1:19821 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Bagle.gen.C variant outbound connection (malware-cnc.rules)
* 1:19822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.HH variant outbound connection (malware-cnc.rules)
* 1:19823 <-> DISABLED <-> PUA-ADWARE Downloader.Banload.AKBB outbound connection (pua-adware.rules)
* 1:19824 <-> DISABLED <-> MALWARE-CNC Gen-Trojan.Heur variant outbound connection (malware-cnc.rules)
* 1:19825 <-> DISABLED <-> SERVER-APACHE Apache Killer denial of service tool exploit attempt (server-apache.rules)
* 1:19827 <-> DISABLED <-> PUA-ADWARE PWS-QQGame outbound connection (pua-adware.rules)
* 1:19828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyAgent.B variant outbound connection (malware-cnc.rules)
* 1:19829 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbot.gen variant outbound connection (malware-cnc.rules)
* 1:19830 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poebot.BP variant outbound connection (malware-cnc.rules)
* 1:19831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.SO variant outbound connection (malware-cnc.rules)
* 1:19832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veslorn.gen.A variant outbound connection (malware-cnc.rules)
* 1:19833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.bda variant outbound connection (malware-cnc.rules)
* 1:19834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZBot.RD variant outbound connection (malware-cnc.rules)
* 1:19835 <-> DISABLED <-> PUA-ADWARE Delphi-Piette Windows (pua-adware.rules)
* 1:19836 <-> DISABLED <-> MALWARE-CNC Spy-Net 0.7 runtime (malware-cnc.rules)
* 1:19837 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules)
* 1:19838 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules)
* 1:19839 <-> DISABLED <-> PUA-ADWARE Antivirus XP 2008 runtime detection (pua-adware.rules)
* 1:19840 <-> DISABLED <-> PUA-ADWARE XP Antispyware 2009 outbound connection (pua-adware.rules)
* 1:19841 <-> DISABLED <-> PUA-ADWARE 0desa MSN password stealer (pua-adware.rules)
* 1:19842 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules)
* 1:19843 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules)
* 1:19848 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules)
* 1:19849 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules)
* 1:19850 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.qgg variant outbound connection (malware-cnc.rules)
* 1:19851 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.qgg variant outbound connection (malware-cnc.rules)
* 1:19852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Delf.tbv variant outbound connection (malware-cnc.rules)
* 1:19853 <-> DISABLED <-> PUA-ADWARE Wowpa KI outbound connection (pua-adware.rules)
* 1:19856 <-> DISABLED <-> MALWARE-CNC Packed.Win32.Krap.i variant outbound connection (malware-cnc.rules)
* 1:19857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.hhbd variant outbound connection - Windows (malware-cnc.rules)
* 1:19858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.hhbd variant outbound connection - non-Windows (malware-cnc.rules)
* 1:19859 <-> DISABLED <-> PUA-ADWARE XP Deluxe Protector outbound connection (pua-adware.rules)
* 1:19860 <-> DISABLED <-> PUA-ADWARE Trust Warrior outbound connection (pua-adware.rules)
* 1:19861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cqcv variant outbound connection (malware-cnc.rules)
* 1:19862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar.iej variant outbound connection (malware-cnc.rules)
* 1:19863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.yi variant outbound connection (malware-cnc.rules)
* 1:19864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules)
* 1:19865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arhost.D variant outbound connection (malware-cnc.rules)
* 1:19895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.jwh variant outbound connection (malware-cnc.rules)
* 1:19896 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Install Detection (pua-adware.rules)
* 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (pua-toolbars.rules)
* 1:19898 <-> DISABLED <-> MALWARE-CNC Cinmus Variant variant outbound connection (malware-cnc.rules)
* 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules)
* 1:19900 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules)
* 1:19901 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules)
* 1:19902 <-> DISABLED <-> PUA-ADWARE Targetedbanner.biz Adrotator outbound connection (pua-adware.rules)
* 1:19903 <-> DISABLED <-> PUA-ADWARE Win32.Agent.vvm outbound connection (pua-adware.rules)
* 1:19904 <-> DISABLED <-> PUA-ADWARE WinReanimator outbound connection (pua-adware.rules)
* 1:19905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.jog variant outbound connection (malware-cnc.rules)
* 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (pua-toolbars.rules)
* 1:19912 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules)
* 1:19913 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules)
* 1:19914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quivoe.A variant outbound connection (malware-cnc.rules)
* 1:19915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler.apd variant outbound connection (malware-cnc.rules)
* 1:19916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.ACB variant outbound connection (malware-cnc.rules)
* 1:19917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sogu.A variant outbound connection (malware-cnc.rules)
* 1:19918 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ganelp.B variant outbound connection (malware-cnc.rules)
* 1:19919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murcy.A variant outbound connection (malware-cnc.rules)
* 1:19920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reppserv.A outbond connection (malware-cnc.rules)
* 1:19921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puprlehzae.A variant outbound connection (malware-cnc.rules)
* 1:19922 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz.ivr variant outbound connection (malware-cnc.rules)
* 1:19923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Venik.B variant outbound connection (malware-cnc.rules)
* 1:19924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spidern.A variant outbound connection (malware-cnc.rules)
* 1:19927 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
* 1:19928 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
* 1:19929 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
* 1:19930 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
* 1:19931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lineage.Gen.Pac.3 variant outbound connection (malware-cnc.rules)
* 1:19934 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MYURL (malware-cnc.rules)
* 1:19935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Delf.aba variant outbound connection (malware-cnc.rules)
* 1:19936 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Delf.aba variant outbound connection (malware-cnc.rules)
* 1:19939 <-> DISABLED <-> PUA-ADWARE WeatherStudio outbound connection (pua-adware.rules)
* 1:19940 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.IRC.TKB variant outbound connection - dir4you (malware-cnc.rules)
* 1:19941 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Gen variant outbound connection (malware-cnc.rules)
* 1:19942 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Gen variant outbound connection (malware-cnc.rules)
* 1:19944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.ykl variant outbound connection (malware-cnc.rules)
* 1:19945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.amwd variant outbound connection (malware-cnc.rules)
* 1:19946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.amwd variant outbound connection (malware-cnc.rules)
* 1:19947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.amwd variant outbound connection (malware-cnc.rules)
* 1:19948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.asjk variant outbound connection (malware-cnc.rules)
* 1:19949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.asjk variant outbound connection (malware-cnc.rules)
* 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (malware-cnc.rules)
* 1:19951 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Defsel variant outbound connection (malware-cnc.rules)
* 1:19952 <-> ENABLED <-> MALWARE-CNC Biodox inbound connection (malware-cnc.rules)
* 1:19953 <-> DISABLED <-> MALWARE-CNC Biodox variant outbound connection (malware-cnc.rules)
* 1:19954 <-> DISABLED <-> MALWARE-CNC Hack Style RAT variant outbound connection (malware-cnc.rules)
* 1:19955 <-> DISABLED <-> MALWARE-CNC PaiN RAT 0.1 variant outbound connection (malware-cnc.rules)
* 1:19957 <-> DISABLED <-> MALWARE-CNC Arabian-Attacker 1.1.0 variant outbound connection (malware-cnc.rules)
* 1:19958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (malware-cnc.rules)
* 1:19959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (malware-cnc.rules)
* 1:19960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (malware-cnc.rules)
* 1:19961 <-> DISABLED <-> MALWARE-CNC Fouad 1.0 variant outbound connection (malware-cnc.rules)
* 1:19962 <-> DISABLED <-> MALWARE-CNC Email-Worm.CryptBox-A variant outbound connection (malware-cnc.rules)
* 1:19963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.aajs variant outbound connection (malware-cnc.rules)
* 1:19965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.avzz variant outbound connection (malware-cnc.rules)
* 1:19966 <-> DISABLED <-> MALWARE-CNC Octopus 0.1 inbound connection (malware-cnc.rules)
* 1:19967 <-> DISABLED <-> MALWARE-CNC Trojan-PSW.Win32.Papras.dm variant outbound connection (malware-cnc.rules)
* 1:19968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PSW.QQPass.amx variant outbound connection (malware-cnc.rules)
* 1:19969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.CY variant outbound connection (malware-cnc.rules)
* 1:19970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smalltroj.MHYR variant outbound connection (malware-cnc.rules)
* 1:19971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop.lj variant outbound connection (malware-cnc.rules)
* 1:19973 <-> DISABLED <-> MALWARE-CNC Worm.Win.Trojan.Nebuler.D variant outbound connection (malware-cnc.rules)
* 1:19974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.bwj variant outbound connection (malware-cnc.rules)
* 1:19975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.vb variant outbound connection (malware-cnc.rules)
* 1:19977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LooksLike.Zaplot variant outbound connection (malware-cnc.rules)
* 1:19979 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules)
* 1:19980 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules)
* 1:19981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micstus.A runtime traffic detected (malware-cnc.rules)
* 1:19982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.wwe variant outbound connection (malware-cnc.rules)
* 1:19983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolabc.fic variant outbound connection (malware-cnc.rules)
* 1:19984 <-> DISABLED <-> PUA-ADWARE Antivirus 2010 outbound connection (pua-adware.rules)
* 1:19987 <-> DISABLED <-> PUA-ADWARE PCLiveGuard outbound connection (pua-adware.rules)
* 1:19988 <-> DISABLED <-> MALWARE-CNC Asprox variant outbound connection (malware-cnc.rules)
* 1:19989 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules)
* 1:19990 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules)
* 1:19991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PG runtime traffic detected (malware-cnc.rules)
* 1:19992 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Farfli.A runtime traffic detected (malware-cnc.rules)
* 1:19993 <-> DISABLED <-> MALWARE-CNC Win32 Poebot runtime traffic detected (malware-cnc.rules)
* 1:19994 <-> DISABLED <-> PUA-ADWARE Antivirus 360 outbound connection (pua-adware.rules)
* 1:19995 <-> ENABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules)
* 1:19996 <-> DISABLED <-> MALWARE-CNC Worm Brontok.C variant outbound connection (malware-cnc.rules)
* 1:19997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PSW.Win32.QQPass.gam variant outbound connection (malware-cnc.rules)
* 1:19998 <-> ENABLED <-> PUA-ADWARE IP address disclosure to advertisement sites attempt (pua-adware.rules)
* 1:19999 <-> DISABLED <-> PUA-ADWARE ThreatNuker outbound connection (pua-adware.rules)
* 1:20001 <-> ENABLED <-> MALWARE-CNC Allaple.e variant outbound connection (malware-cnc.rules)
* 1:20002 <-> DISABLED <-> MALWARE-CNC Allaple.e variant outbound connection (malware-cnc.rules)
* 1:20003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy Pilonoc runtime traffic detected (malware-cnc.rules)
* 1:20004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy Pilonoc install-time traffic detected (malware-cnc.rules)
* 1:20005 <-> DISABLED <-> MALWARE-CNC Win32 Lecna.cr runtime traffic detected (malware-cnc.rules)
* 1:20006 <-> DISABLED <-> MALWARE-CNC Worm Plurp.A runtime traffic detected (malware-cnc.rules)
* 1:20007 <-> DISABLED <-> PUA-ADWARE Cinmus.asaq outbound connection (pua-adware.rules)
* 1:20008 <-> DISABLED <-> MALWARE-CNC Malware PDFMarca.A runtime traffic detected (malware-cnc.rules)
* 1:20009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
* 1:20010 <-> DISABLED <-> MALWARE-CNC Win32/Babmote.A runtime TCP traffic detected (malware-cnc.rules)
* 1:20011 <-> ENABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules)
* 1:20012 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
* 1:20014 <-> DISABLED <-> MALWARE-CNC Kaju variant outbound connection - confirmation (malware-cnc.rules)
* 1:20015 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:20016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:20017 <-> DISABLED <-> MALWARE-CNC Win.Worm.Koobface.dq variant outbound connection (malware-cnc.rules)
* 1:20018 <-> DISABLED <-> MALWARE-CNC Win.Worm.Autorun variant outbound connection (malware-cnc.rules)
* 1:20019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test (malware-cnc.rules)
* 1:20021 <-> ENABLED <-> MALWARE-CNC Win.Worm.Brontok user-agent outbound connection (malware-cnc.rules)
* 1:20022 <-> DISABLED <-> MALWARE-CNC Win.Worm.Padobot.z variant outbound connection (malware-cnc.rules)
* 1:20023 <-> DISABLED <-> MALWARE-CNC Advanced Virus Remover variant outbound connection (malware-cnc.rules)
* 1:20024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dreamy.bc variant outbound connection (malware-cnc.rules)
* 1:20025 <-> DISABLED <-> PUA-ADWARE VirusBye outbound connection (pua-adware.rules)
* 1:20026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banker.abg.b variant outbound connection (malware-cnc.rules)
* 1:20028 <-> DISABLED <-> MALWARE-CNC Windows Antivirus Pro variant outbound connection (malware-cnc.rules)
* 1:20034 <-> DISABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (file-other.rules)
* 1:20035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Coinbit.A runtime traffic detected (malware-cnc.rules)
* 1:20036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Agent.ndau runtime traffic detected (malware-cnc.rules)
* 1:20037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules)
* 1:20038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules)
* 1:20039 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Hardcore Software (malware-cnc.rules)
* 1:20040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KSpyPro.A variant outbound connection (malware-cnc.rules)
* 1:20041 <-> DISABLED <-> PUA-ADWARE Adware.BB outbound connection (pua-adware.rules)
* 1:20042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal outbond connection (malware-cnc.rules)
* 1:20043 <-> DISABLED <-> MALWARE-CNC Adware Kraddare.AZ variant outbound connection (malware-cnc.rules)
* 1:20057 <-> DISABLED <-> MALWARE-CNC BitCoin Miner IP query (malware-cnc.rules)
* 1:20063 <-> DISABLED <-> PUA-ADWARE SecurityTool outbound connection (pua-adware.rules)
* 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules)
* 1:20066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 SensLiceld.A runtime traffic detected (malware-cnc.rules)
* 1:20067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Zatvex.A runtime traffic detected (malware-cnc.rules)
* 1:20068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jetilms.A runtime activity detected (malware-cnc.rules)
* 1:20069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.alhq runtime traffic detected (malware-cnc.rules)
* 1:20074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.iseee variant outbound connection (malware-cnc.rules)
* 1:20075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill.abl variant outbound connection (malware-cnc.rules)
* 1:20076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.ast variant outbound connection (malware-cnc.rules)
* 1:20077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.ast variant outbound connection (malware-cnc.rules)
* 1:20078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Russkill.C variant outbound connection (malware-cnc.rules)
* 1:20079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Russkill.C variant outbound connection (malware-cnc.rules)
* 1:20080 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules)
* 1:20081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules)
* 1:20082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inject.raw variant outbound connection (malware-cnc.rules)
* 1:20083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucobha.A variant outbound connection (malware-cnc.rules)
* 1:20085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veebuu.BX variant outbound connection (malware-cnc.rules)
* 1:20086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.ABY variant outbound connection (malware-cnc.rules)
* 1:20087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.FGU variant outbound connection 
(malware-cnc.rules) * 1:20088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emudbot.A variant outbound connection (malware-cnc.rules) * 1:20096 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.dcir variant outbound connection (malware-cnc.rules) * 1:20097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcir infected host at destination ip (malware-cnc.rules) * 1:20098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KeyLogger.wav variant outbound connection (malware-cnc.rules) * 1:20099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules) * 1:20104 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules) * 1:20105 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules) * 1:20106 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules) * 1:20107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Small.Cns variant outbound connection (malware-cnc.rules) * 1:20108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Pher variant outbound connection (malware-cnc.rules) * 1:20109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zombie.sm variant outbound connection (malware-cnc.rules) * 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:20128 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (file-office.rules) * 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (server-webapp.rules) * 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules) * 1:20202 <-> ENABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules) * 1:20204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules) * 1:20205 <-> DISABLED <-> 
MALWARE-CNC Win32/Poison beaconing request (malware-cnc.rules) * 1:20213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:20217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramagedos.A variant outbound connection (malware-cnc.rules) * 1:20218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramagedos.A variant outbound connection (malware-cnc.rules) * 1:20219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ToriaSpy.A variant outbound connection (malware-cnc.rules) * 1:20220 <-> DISABLED <-> PUA-ADWARE Adware.Wizpop outbound connection (pua-adware.rules) * 1:20221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:20222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Payazol.B variant outbound connection (malware-cnc.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20224 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (file-multimedia.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20226 <-> DISABLED <-> FILE-OTHER MPlayer SMI file buffer overflow attempt (file-other.rules) * 1:20228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules) * 1:20229 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules) * 1:20230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules) * 1:20231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules) * 1:20232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules) * 1:20233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules) * 1:20234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ceckno.cmz runtime traffic detected (malware-cnc.rules) * 1:20235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AdobeReader.Uz 
runtime traffic detected (malware-cnc.rules) * 1:20252 <-> DISABLED <-> MALWARE-CNC DroidKungFu check-in (malware-cnc.rules) * 1:20280 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20281 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doschald.A variant outbound connection (malware-cnc.rules) * 1:20290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doschald.A inbound connection (malware-cnc.rules) * 1:20291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mybios.A variant outbound connection (malware-cnc.rules) * 1:20292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FresctSpy.A variant outbound connection (malware-cnc.rules) * 1:20293 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules) * 1:20387 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:20388 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:20428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zewit.A variant outbound connection (malware-cnc.rules) * 1:20429 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules) * 1:20431 <-> DISABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:20433 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 anutayadokalug host outbound connection (pua-adware.rules) * 1:20434 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 proantivirus21 host runtime traffic detection (pua-adware.rules) * 1:20435 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Svr runtime traffic detected (malware-cnc.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:20447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.JAAK variant outbound connection (malware-cnc.rules) * 
1:20448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meciv.A variant outbound connection (malware-cnc.rules) * 1:20449 <-> DISABLED <-> MALWARE-CNC Win.Worm.Busifom.A variant outbound connection (malware-cnc.rules) * 1:20525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duqu variant outbound connection (malware-cnc.rules) * 1:20527 <-> ENABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules) * 1:20528 <-> DISABLED <-> SERVER-APACHE Apache mod_proxy reverse proxy information disclosure attempt (server-apache.rules) * 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (exploit-kit.rules) * 1:20559 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI file buffer overflow attempt (file-multimedia.rules) * 1:20561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWSBanker.SHE variant outbound connection (malware-cnc.rules) * 1:20562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWSBanker.SHE variant outbound connection (malware-cnc.rules) * 1:20565 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20566 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (malware-cnc.rules) * 1:20570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (malware-cnc.rules) * 1:20571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (malware-cnc.rules) * 1:20587 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larchik.A variant outbound connection (malware-cnc.rules) * 1:20595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ixeshe.F variant outbound connection (malware-cnc.rules) * 1:20596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules) * 1:20597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules) * 1:20598 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules) * 1:20599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules) * 1:20604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus.isqy variant outbound connection (malware-cnc.rules) * 1:20605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.R2d2.A contact to cnc server (malware-cnc.rules) * 1:20606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Domsingx.A variant outbound connection (malware-cnc.rules) * 1:20619 <-> DISABLED <-> SERVER-WEBAPP CoreHTTP Long buffer overflow attempt (server-webapp.rules) * 1:20620 <-> DISABLED <-> SERVER-WEBAPP CoreHTTP Long buffer overflow attempt (server-webapp.rules) * 1:20622 <-> DISABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules) * 1:20626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A variant outbound connection (malware-cnc.rules) * 1:20627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A C&C server response (malware-cnc.rules) * 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules) * 1:20630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winnti.A contact to cnc server (malware-cnc.rules) * 1:20632 <-> DISABLED <-> SERVER-WEBAPP AnnoncesV annonce.php remote file include attempt (server-webapp.rules) * 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules) * 1:20636 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:20637 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:20639 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Higest.N variant outbound connection (malware-cnc.rules) * 1:20659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:20661 <-> DISABLED <-> MALWARE-CNC Simbda variant outbound connection 
(malware-cnc.rules) * 1:20668 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - /content/v1.jar (exploit-kit.rules) * 1:20669 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - w.php?f= (exploit-kit.rules) * 1:20676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.EggDrop.acn variant outbound connection (malware-cnc.rules) * 1:20677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.EggDrop.acn variant outbound connection (malware-cnc.rules) * 1:20678 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Genome.aior variant outbound connection (malware-cnc.rules) * 1:20679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syrutrk variant outbound connection (malware-cnc.rules) * 1:20680 <-> DISABLED <-> SERVER-WEBAPP Flashchat aedating4CMS.php remote file include attempt (server-webapp.rules) * 1:20681 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.NMS variant outbound connection (malware-cnc.rules) * 1:20682 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.NMS variant outbound connection (malware-cnc.rules) * 1:20683 <-> DISABLED <-> MALWARE-CNC Cleanvaccine variant outbound connection (malware-cnc.rules) * 1:20684 <-> DISABLED <-> MALWARE-CNC Cleanvaccine variant outbound connection (malware-cnc.rules) * 1:20685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heloag.A variant outbound connection (malware-cnc.rules) * 1:20686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut.BM connect to client (malware-cnc.rules) * 1:20687 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Genome.akhg variant outbound connection (malware-cnc.rules) * 1:20688 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.Jeib variant outbound connection (malware-cnc.rules) * 1:20689 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.Jeib variant outbound connection (malware-cnc.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar 
default credentials authentication attempt (policy-other.rules) * 1:20693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackcontrol.A variant outbound connection (malware-cnc.rules) * 1:20694 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SSonce.A variant outbound connection (malware-cnc.rules) * 1:20695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.GZW connect to cnc server (malware-cnc.rules) * 1:20696 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom.CK connect to cnc server (malware-cnc.rules) * 1:20697 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom.CK connect to cnc server (malware-cnc.rules) * 1:20722 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules) * 1:20728 <-> DISABLED <-> SERVER-WEBAPP WoW Roster remote file include with hslist.php and conf.php attempt (server-webapp.rules) * 1:20731 <-> DISABLED <-> SERVER-WEBAPP TSEP tsep_config absPath parameter PHP remote file include attempt (server-webapp.rules) * 1:20752 <-> DISABLED <-> PUA-ADWARE Win32.GameVance outbound connection (pua-adware.rules) * 1:20753 <-> DISABLED <-> PUA-ADWARE Win32.GamePlayLabs outbound connection (pua-adware.rules) * 1:20754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules) * 1:20755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules) * 1:20756 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules) * 1:20759 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules) * 1:20762 <-> ENABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules) * 1:20830 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.amdu variant outbound connection (malware-cnc.rules) * 1:20831 <-> ENABLED <-> FILE-JAVA Oracle Java Applet Rhino script engine remote code execution attempt (file-java.rules) * 1:20836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy.A 
runtime traffic detected (malware-cnc.rules) * 1:20837 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules) * 1:20838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smokebot.A runtime traffic detected (malware-cnc.rules) * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:20844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.smxy runtime traffic detected (malware-cnc.rules) * 1:20845 <-> DISABLED <-> SERVER-WEBAPP HP Network Node Manager cross site scripting attempt (server-webapp.rules) * 1:20877 <-> DISABLED <-> MALWARE-CNC RunTime Worm.Win32.Warezov.gs variant outbound connection (malware-cnc.rules) * 1:20890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules) * 1:20891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules) * 1:20892 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Skopvel.A runtime traffic detected (malware-cnc.rules) * 1:20927 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules) * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules) * 1:21051 <-> DISABLED <-> SERVER-WEBAPP Apple OSX software update command execution attempt (server-webapp.rules) * 1:21055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utka.A variant outbound connection (malware-cnc.rules) * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules) * 1:21058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AutoIt.pm runtime traffic detected (malware-cnc.rules) * 1:21065 <-> DISABLED <-> SERVER-WEBAPP Symantec 
IM Manager Edituser cross site scripting attempt (server-webapp.rules) * 1:21066 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Systemdashboard cross site scripting attempt (server-webapp.rules) * 1:21067 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager TOC_simple cross site scripting attempt (server-webapp.rules) * 1:21082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules) * 1:21083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules) * 1:21087 <-> DISABLED <-> MALWARE-CNC Bindow.Worm runtime traffic detected (malware-cnc.rules) * 1:21093 <-> DISABLED <-> FILE-MULTIMEDIA A-PDF Wav to mp3 converter buffer overfow (file-multimedia.rules) * 1:21100 <-> DISABLED <-> PROTOCOL-RPC Novell Netware xdr decode string length buffer overflow attempt (protocol-rpc.rules) * 1:21107 <-> DISABLED <-> FILE-MULTIMEDIA MJM Quickplayer s3m buffer overflow (file-multimedia.rules) * 1:21112 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules) * 1:21116 <-> DISABLED <-> FILE-OTHER Cisco Webex selector and size2 subrecords corruption attempt (file-other.rules) * 1:21122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandok.zp runtime traffic detected (malware-cnc.rules) * 1:21123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flymux.A runtime traffic detected (malware-cnc.rules) * 1:21124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki.A runtime traffic detected (malware-cnc.rules) * 1:21125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alureon.DG runtime traffic detected (malware-cnc.rules) * 1:21126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koutodoor.C runtime traffic detected (malware-cnc.rules) * 1:21127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Setfic.A runtime traffic detected (malware-cnc.rules) * 1:21128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dromedan.A runtime traffic detected (malware-cnc.rules) * 1:21142 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules) * 1:21145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neraweq.A runtime traffic detected (malware-cnc.rules) * 1:21151 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stegae.A runtime traffic detected (malware-cnc.rules) * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:21169 <-> DISABLED <-> PUA-ADWARE Apperhand SDK advertising data request - Counterclank (pua-adware.rules) * 1:21170 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:21175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules) * 1:21176 <-> DISABLED <-> PUA-ADWARE Win32.WindowsOptimizationAndSecurity outbound connection (pua-adware.rules) * 1:21177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ganipin.A inbound connection (malware-cnc.rules) * 1:21178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Chekafe.A variant outbound connection (malware-cnc.rules) * 1:21179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coofus.RFM variant outbound connection (malware-cnc.rules) * 1:21180 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Magania.clfv variant outbound connection (malware-cnc.rules) * 1:21181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.czgu variant outbound connection (malware-cnc.rules) * 1:21182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MeSub.ac variant outbound connection (malware-cnc.rules) * 1:21183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.alfu variant outbound connection (malware-cnc.rules) * 1:21184 <-> DISABLED <-> PUA-ADWARE Internet Security 2010 outbound connection (pua-adware.rules) * 1:21185 <-> DISABLED <-> MALWARE-CNC 
Worm.Win32.Kufgal.A inbound connection (malware-cnc.rules) * 1:21187 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xlahlah.A variant outbound connection (malware-cnc.rules) * 1:21192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syswrt.dvd variant outbound connection (malware-cnc.rules) * 1:21193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalbot.A variant outbound connection (malware-cnc.rules) * 1:21194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst.A variant outbound connection (malware-cnc.rules) * 1:21195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Protux.B variant outbound connection (malware-cnc.rules) * 1:21196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw.A variant outbound connection (malware-cnc.rules) * 1:21197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw.A variant outbound connection (malware-cnc.rules) * 1:21198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qinubot.A variant outbound connection (malware-cnc.rules) * 1:21199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qinubot.A variant outbound connection (malware-cnc.rules) * 1:21202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scapzilla.A variant outbound connection (malware-cnc.rules) * 1:21203 <-> DISABLED <-> MALWARE-CNC Virus Win.Trojan.Induc.B variant outbound connection (malware-cnc.rules) * 1:21204 <-> DISABLED <-> MALWARE-CNC Virus Win.Trojan.Induc.B variant outbound connection (malware-cnc.rules) * 1:21205 <-> DISABLED <-> MALWARE-CNC Virus Win.Trojan.Induc.B variant outbound connection (malware-cnc.rules) * 1:21206 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules) * 1:21207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dekara.A variant outbound connection (malware-cnc.rules) * 1:21208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules) * 1:21209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enviserv.A variant outbound connection (malware-cnc.rules) * 1:21210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rallovs.A variant outbound connection 
(malware-cnc.rules) * 1:21211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.slrj variant outbound connection (malware-cnc.rules) * 1:21212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.nkor variant outbound connection (malware-cnc.rules) * 1:21213 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Cridex.B variant outbound connection (malware-cnc.rules) * 1:21214 <-> DISABLED <-> SERVER-APACHE Apache server mod_proxy reverse proxy bypass attempt (server-apache.rules) * 1:21215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am variant outbound connection (malware-cnc.rules) * 1:21216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am variant outbound connection (malware-cnc.rules) * 1:21217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am variant outbound connection (malware-cnc.rules) * 1:21218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodager.C variant outbound connection (malware-cnc.rules) * 1:21219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysckbc variant outbound connection (malware-cnc.rules) * 1:21220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Susnatache.A inbound connection (malware-cnc.rules) * 1:21221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Susnatache.A variant outbound connection (malware-cnc.rules) * 1:21222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kcahneila.A variant outbound connection (malware-cnc.rules) * 1:21223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gyplit.A variant outbound connection (malware-cnc.rules) * 1:21224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MacOS.DevilRobber.A variant outbound connection (malware-cnc.rules) * 1:21225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules) * 1:21226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Louisdreyfu.A variant outbound connection (malware-cnc.rules) * 1:21227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulknet variant outbound connection (malware-cnc.rules) * 1:21228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerberat variant outbound connection (malware-cnc.rules) * 1:21229 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Synljdos variant outbound connection (malware-cnc.rules) * 1:21230 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules) * 1:21243 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:21249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules) * 1:21250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules) * 1:21251 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sirefef.P variant outbound connection (malware-cnc.rules) * 1:21252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sirefef.P variant outbound connection (malware-cnc.rules) * 1:21253 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:21254 <-> DISABLED <-> FILE-PDF Foxit Reader createDataObject file write attempt (file-pdf.rules) * 1:21273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules) * 1:21274 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules) * 1:21277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shexie.A runtime traffic detected (malware-cnc.rules) * 1:21278 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules) * 1:21279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot.s runtime traffic detected (malware-cnc.rules) * 1:21280 <-> DISABLED <-> MALWARE-CNC Win32 Turkojan.C runtime traffic detected (malware-cnc.rules) * 1:21289 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules) * 1:21290 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules) * 1:21294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancodor.be runtime traffic detected (malware-cnc.rules) * 1:21303 <-> DISABLED <-> 
MALWARE-CNC Win32 Initor.ag runtime traffic detected (malware-cnc.rules)
* 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
* 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
* 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
* 1:21379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome.Amqj runtime traffic detected (malware-cnc.rules)
* 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
* 1:21381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dialer.ngb runtime traffic detected (malware-cnc.rules)
* 1:21382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host setting3.yeahost.com runtime traffic detected (malware-cnc.rules)
* 1:21383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host 9999mb.com runtime traffic detected (malware-cnc.rules)
* 1:21384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host freewebs.com runtime traffic detected (malware-cnc.rules)
* 1:21386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wadolin.A runtime traffic detected (malware-cnc.rules)
* 1:21387 <-> DISABLED <-> FILE-JAVA Oracle Java runtime RMIConnectionImpl deserialization execution attempt (file-java.rules)
* 1:21390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.dl runtime traffic detected (malware-cnc.rules)
* 1:21391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcac runtime traffic detected (malware-cnc.rules)
* 1:21393 <-> DISABLED <-> FILE-MULTIMEDIA Magix Musik Maker 16 buffer overflow attempt (file-multimedia.rules)
* 1:21397 <-> DISABLED <-> FILE-MULTIMEDIA MicroP mppl stack buffer overflow (file-multimedia.rules)
* 1:21413 <-> DISABLED <-> FILE-OTHER PeaZip command injection attempt (file-other.rules)
* 1:21418 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
* 1:21421 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (protocol-dns.rules)
* 1:21464 <-> DISABLED <-> MALWARE-CNC Downloader-CEW.b runtime traffic detected (malware-cnc.rules)
* 1:21466 <-> DISABLED <-> MALWARE-CNC Autorun.BDS runtime traffic detected (malware-cnc.rules)
* 1:21469 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
* 1:21473 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameThief variant outbound connection (malware-cnc.rules)
* 1:21477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant outbound connection (malware-cnc.rules)
* 1:21486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:21491 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Pro stack buffer overflow attempt (protocol-scada.rules)
* 1:21495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vilsel variant outbound connection (malware-cnc.rules)
* 1:21496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules)
* 1:21497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules)
* 1:21511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vaxpy variant outbound connection (malware-cnc.rules)
* 1:21520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
* 1:21521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob update connection (malware-cnc.rules)
* 1:21527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader registration connection detection (malware-cnc.rules)
* 1:21528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader keep-alive connection detection (malware-cnc.rules)
* 1:21557 <-> DISABLED <-> FILE-OTHER Apple OSX ZIP archive shell script execution attempt (file-other.rules)
* 1:21563 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21566 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules)
* 1:21595 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization request detection (os-mobile.rules)
* 1:21596 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization response detection (os-mobile.rules)
* 1:21597 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging request detection (os-mobile.rules)
* 1:21598 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging response detection (os-mobile.rules)
* 1:21609 <-> DISABLED <-> SERVER-WEBAPP SurgeMail webmail.exe page format string exploit attempt (server-webapp.rules)
* 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk missing SIP version denial of service attempt (protocol-voip.rules)
* 1:21760 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:21761 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
* 1:2179 <-> DISABLED <-> PROTOCOL-FTP PASS format string attempt (protocol-ftp.rules)
* 1:21858 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules)
* 1:21859 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules)
* 1:21913 <-> DISABLED <-> SERVER-OTHER EMC data protection advisor DOS attempt (server-other.rules)
* 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules)
* 1:21922 <-> DISABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules)
* 1:21947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VicSpy.A variant outbound connection (malware-cnc.rules)
* 1:21967 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip.A runtime detection (malware-backdoor.rules)
* 1:21970 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant outbound connection (malware-backdoor.rules)
* 1:21971 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant inbound connection (malware-backdoor.rules)
* 1:21972 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash variant outbound connection (malware-backdoor.rules)
* 1:21973 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash runtime detection (malware-backdoor.rules)
* 1:21974 <-> DISABLED <-> MALWARE-CNC Worm.Expichu variant inbound connection (malware-cnc.rules)
* 1:21975 <-> DISABLED <-> MALWARE-CNC Worm.Expichu variant inbound connection (malware-cnc.rules)
* 1:21976 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Lapurd.D variant outbound connection (malware-cnc.rules)
* 1:21982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insain variant outbound connection (malware-cnc.rules)
* 1:21995 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:21996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:22048 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
* 1:22078 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:22947 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules)
* 1:22948 <-> DISABLED <-> PROTOCOL-VOIP Avaya WinPDM header buffer overflow attempt (protocol-voip.rules)
* 1:22950 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt big endian (server-webapp.rules)
* 1:22951 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt little endian (server-webapp.rules)
* 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:23014 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (file-other.rules)
* 1:23046 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules)
* 1:23047 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules)
* 1:23051 <-> DISABLED <-> MALWARE-CNC Dybalom.A runtime traffic detected (malware-cnc.rules)
* 1:23055 <-> DISABLED <-> PROTOCOL-FTP Cisco IOS FTP MKD buffer overflow attempt (protocol-ftp.rules)
* 1:23056 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules)
* 1:23099 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceHex denial of service attempt (server-other.rules)
* 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:23170 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules)
* 1:23176 <-> DISABLED <-> MALWARE-CNC Donbot.A runtime traffic detected (malware-cnc.rules)
* 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site scripting attempt (server-webapp.rules)
* 1:23178 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement flood attempt (protocol-icmp.rules)
* 1:23213 <-> DISABLED <-> SQL Ruby on rails SQL injection attempt (sql.rules)
* 1:23234 <-> DISABLED <-> MALWARE-CNC Frethog.MK runtime traffic detected (malware-cnc.rules)
* 1:23235 <-> DISABLED <-> MALWARE-CNC PBin.A runtime traffic detected (malware-cnc.rules)
* 1:23238 <-> DISABLED <-> NETBIOS Wireshark console.lua file load exploit attempt (netbios.rules)
* 1:23239 <-> DISABLED <-> SERVER-OTHER Wireshark console.lua file load exploit attempt (server-other.rules)
* 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
* 1:23243 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules)
* 1:23269 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
* 1:23271 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
* 1:23272 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
* 1:23340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol.B variant outbound connection (malware-cnc.rules)
* 1:23341 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Tinrot.A runtime detection (malware-backdoor.rules)
* 1:23346 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules)
* 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
* 1:23368 <-> DISABLED <-> PROTOCOL-DNS Tftpd32 DNS server denial of service attempt (protocol-dns.rules)
* 1:23397 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules)
* 1:23398 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules)
* 1:23401 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish server REST interface cross site request forgery attempt (server-webapp.rules)
* 1:23480 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino webadmin.nsf directory traversal attempt (server-webapp.rules)
* 1:23484 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt (indicator-compromise.rules)
* 1:23485 <-> DISABLED <-> SERVER-WEBAPP Wordpress Invit0r plugin php upload attempt (server-webapp.rules)
* 1:23544 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules)
* 1:23560 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules)
* 1:23577 <-> DISABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules)
* 1:23580 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules)
* 1:23581 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules)
* 1:23587 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
* 1:23588 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
* 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:23598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules)
* 1:23599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules)
* 1:23624 <-> DISABLED <-> SERVER-OTHER Ubisoft Uplay browser plugin backdoor attempt (server-other.rules)
* 1:23783 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway pbcontrol.php filename parameter command injection attempt (server-webapp.rules)
* 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
* 1:23879 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules)
* 1:23880 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules)
* 1:23934 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway blocked.php blind sql injection attempt (server-webapp.rules)
* 1:23938 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
* 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:24007 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
* 1:24026 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24029 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules)
* 1:24083 <-> ENABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (file-other.rules)
* 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules)
* 1:24128 <-> DISABLED <-> OS-WINDOWS Microsoft SCCM ReportChart xss attempt (os-windows.rules)
* 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules)
* 1:2417 <-> DISABLED <-> PROTOCOL-FTP format string attempt (protocol-ftp.rules)
* 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
* 1:7722 <-> DISABLED <-> MALWARE-CNC prorat 1.9 cgi notification detection (malware-cnc.rules)
* 1:8085 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules)
* 1:8086 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules)
* 1:8087 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules)
* 1:8088 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules)
* 1:8089 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules)
* 1:8090 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules)
* 1:8734 <-> DISABLED <-> SERVER-WEBAPP Pajax call_dispatcher className directory traversal attempt (server-webapp.rules)
* 1:9620 <-> DISABLED <-> SERVER-WEBAPP Pajax call_dispatcher remote code execution attempt (server-webapp.rules)
* 1:46482 <-> ENABLED <-> MALWARE-CNC Installation Keylogger Osx.Trojan.Mokes data exfiltration (malware-cnc.rules)
* 1:24207 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
* 1:24208 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
* 1:24209 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
* 1:24240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
* 1:24241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
* 1:24242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
* 1:24256 <-> ENABLED <-> MALWARE-BACKDOOR phpMyAdmin server_sync.php backdoor access attempt (malware-backdoor.rules)
* 1:24291 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules)
* 1:24292 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules)
* 1:24296 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement invalid prefix option attempt (protocol-icmp.rules)
* 1:24321 <-> DISABLED <-> SERVER-OTHER HP StorageWorks File Migration Agent buffer overflow attempt (server-other.rules)
* 1:24337 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
* 1:24446 <-> DISABLED <-> SERVER-OTHER EMC NetWorker SunRPC format string exploit attempt (server-other.rules)
* 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules)
* 1:24487 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules)
* 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:24518 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway PHP remote code injection attempt (server-webapp.rules)
* 1:24519 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway PHP remote code execution attempt (server-webapp.rules)
* 1:24520 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules)
* 1:24524 <-> DISABLED <-> SERVER-MAIL Novell GroupWise internet agent iCalendar parsing denial of service attempt (server-mail.rules)
* 1:24536 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
* 1:24537 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
* 1:24538 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
* 1:24628 <-> DISABLED <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt (server-webapp.rules)
* 1:24647 <-> DISABLED <-> SERVER-WEBAPP D-Link Wireless Router CAPTCHA data processing buffer overflow attempt (server-webapp.rules)
* 1:24652 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules)
* 1:24686 <-> DISABLED <-> SERVER-OTHER HP StorageWorks file migration agent buffer overflow attempt (server-other.rules)
* 1:24696 <-> DISABLED <-> PROTOCOL-RPC EMC Networker nsrindexd.exe procedure 0x01 buffer overflow attempt (protocol-rpc.rules)
* 1:24699 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
* 1:24700 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
* 1:24701 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules)
* 1:24706 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (server-webapp.rules)
* 1:24707 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (server-webapp.rules)
* 1:24765 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter SRS request heap overflow attempt (server-webapp.rules)
* 1:24766 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter SRS request arbitrary file download attempt (server-webapp.rules)
* 1:24767 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter FSFUI request directory traversal attempt (server-webapp.rules)
* 1:24801 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager Express asset.getmimetype sql injection attempt (server-webapp.rules)
* 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
* 1:24915 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules)
* 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
* 1:24993 <-> DISABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules)
* 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
* 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules)
* 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules)
* 1:25321 <-> DISABLED <-> SERVER-ORACLE Oracle Database tablefunc_asown buffer overflow attempt (server-oracle.rules)
* 1:25345 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Web interface arbitrary command execution attempt (server-webapp.rules)
* 1:25346 <-> DISABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules)
* 1:25347 <-> DISABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules)
* 1:25348 <-> DISABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules)
* 1:25353 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:25354 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:25355 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:25366 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:25367 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:25369 <-> DISABLED <-> OS-WINDOWS NVIDIA graphics driver nvsr named pipe buffer overflow attempt (os-windows.rules)
* 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:25449 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules)
* 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules)
* 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules)
* 1:25542 <-> DISABLED <-> PROTOCOL-RPC EMC NetWorker nsrindexd service buffer overflow attempt (protocol-rpc.rules)
* 1:25581 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules)
* 1:25582 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules)
* 1:25583 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules)
* 1:25584 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules)
* 1:25585 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules)
* 1:25586 <-> DISABLED <-> SERVER-WEBAPP Nagios Core get_history buffer overflow attempt (server-webapp.rules)
* 1:25767 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules)
* 1:25810 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
* 1:25811 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
* 1:25812 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
* 1:25813 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules)
* 1:25818 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules)
* 1:25819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules)
* 1:25855 <-> DISABLED <-> SERVER-WEBAPP Nagios XI alert cloud cross site scripting attempt (server-webapp.rules)
* 1:26073 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules)
* 1:26074 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules)
* 1:26081 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Suspected Crimepack (malware-cnc.rules)
* 1:26082 <-> DISABLED <-> FILE-PDF Nuance PDF reader launch overflow attempt (file-pdf.rules)
* 1:26103 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra ping request buffer overflow attempt (server-other.rules)
* 1:26105 <-> DISABLED <-> SERVER-OTHER BigAnt IM Server buffer overflow attempt (server-other.rules)
* 1:26107 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules)
* 1:26108 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules)
* 1:26178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hiloti variant outbound connection (malware-cnc.rules)
* 1:26185 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (file-java.rules)
* 1:26186 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (file-java.rules)
* 1:26195 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
* 1:26196 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules)
* 1:26197 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules)
* 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
* 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules)
* 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules)
* 1:26209 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules)
* 1:26210 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules)
* 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
* 1:26242 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules)
* 1:26243 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules)
* 1:26262 <-> DISABLED <-> SERVER-OTHER MongoDB nativeHelper.apply method command injection attempt (server-other.rules)
* 1:26274 <-> DISABLED <-> SERVER-WEBAPP Nagios3 statuswml.cgi remote command execution attempt (server-webapp.rules)
* 1:26280 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
* 1:26281 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
* 1:26282 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
* 1:26283 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules)
* 1:26320 <-> DISABLED <-> SERVER-WEBAPP Redmine SCM rev parameter command injection attempt (server-webapp.rules)
* 1:26333 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules)
* 1:26334 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules)
* 1:26336 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra snmp request buffer overflow attempt (server-other.rules)
* 1:26389 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DUPF command arbitrary file upload attempt (server-other.rules)
* 1:26390 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DUPF command arbitrary file upload attempt (server-other.rules)
* 1:26416 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules)
* 1:26417 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules)
* 1:26418 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules)
* 1:26425 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules)
* 1:26426 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules)
* 1:26435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duqu variant outbound connection (malware-cnc.rules)
* 1:26436 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center FaultDownloadServlet information disclosure attempt (server-webapp.rules)
* 1:26471 <-> DISABLED <-> PROTOCOL-FTP VanDyke AbsoluteFTP LIST command stack buffer overflow attempt (protocol-ftp.rules)
* 1:26473 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules)
* 1:26474 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules)
* 1:26475 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules)
* 1:26476 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules)
* 1:26477 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules)
* 1:26478 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules)
* 1:26479 <-> DISABLED <-> SERVER-OTHER ActFax LPD Server data field buffer overflow attempt (server-other.rules)
* 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
* 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
* 1:26501 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DDNF request stack buffer overflow attempt (server-other.rules)
* 1:26502 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules)
* 1:26503 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules)
* 1:26504 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules)
* 1:26505 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center IctDownloadServlet information disclosure attempt (server-webapp.rules)
* 1:26520 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules)
* 1:26521 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules)
* 1:26523 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center ReportImgServlet information disclosure attempt (server-webapp.rules)
* 1:26547 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin preg_replace remote code execution attempt (server-webapp.rules)
* 1:26626 <-> DISABLED <-> FILE-OFFICE XML parameter entity reference local file disclosure attempt (file-office.rules)
* 1:26645 <-> DISABLED <-> SERVER-OTHER SSL TLS deflate compression weakness brute force attempt (server-other.rules)
* 1:26648 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules)
* 1:26649 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules)
* 1:26651 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:26652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:26664 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules)
* 1:26669 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center SyslogDownloadServlet information disclosure attempt (server-webapp.rules)
* 1:26672 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules)
* 1:26673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules)
* 1:26674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules)
* 1:26676 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules)
* 1:26759 <-> DISABLED <-> SERVER-OTHER MIT Kerberos libkdb_ldap principal name handling denial of service attempt (server-other.rules)
* 1:26769 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kpasswd process_chpw_request denial of service attempt (server-other.rules)
* 1:26794 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center UAM acmServletDownload information disclosure attempt (server-webapp.rules)
* 1:26797 <-> DISABLED <-> SERVER-WEBAPP Mutiny editdocument servlet arbitrary file access attempt (server-webapp.rules)
* 1:26798 <-> DISABLED <-> SERVER-WEBAPP Mutiny editdocument servlet arbitrary file upload attempt (server-webapp.rules)
* 1:26905 <-> DISABLED <-> SERVER-WEBAPP FosWiki and TWiki MAKETEXT macro memory consumption denial of service attempt (server-webapp.rules)
* 1:26922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:26927 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:26928 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:26953 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-300/DIR-600 unauthenticated remote command execution attempt (server-webapp.rules)
* 1:26990 <-> DISABLED <-> SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt (server-webapp.rules)
* 1:26991 <-> DISABLED <-> SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt (server-webapp.rules)
* 1:26992 <-> DISABLED <-> SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt (server-webapp.rules)
* 1:27018 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules)
* 1:27019 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules)
* 1:27020 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules)
* 1:27028 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules)
* 1:27029 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules)
* 1:27030 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules)
* 1:27036 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager modifyAccounts policy bypass attempt (server-other.rules)
* 1:27075 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager ldapagnt_eval remote code execution attempt (server-other.rules)
* 1:27076 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules)
* 1:27077 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules)
* 1:27102 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules)
* 1:27103 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules)
* 1:27104 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (server-webapp.rules)
* 1:27105 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (server-webapp.rules)
* 1:27122 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 buffer overflow attempt (server-other.rules)
* 1:27124 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1092 buffer overflow attempt (server-other.rules)
* 1:27125 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules)
* 1:27170 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 buffer overflow attempt (server-other.rules)
* 1:27188 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules)
* 1:27189 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules)
* 1:27190 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules)
* 1:27191 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules)
* 1:27192 <-> DISABLED <-> SERVER-WEBAPP DM Albums album.php remote file include attempt (server-webapp.rules)
* 1:27210 <-> ENABLED <-> SERVER-OTHER IPMI RAKP cipher zero remote authentication bypass attempt (server-other.rules)
* 1:27217 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 260 buffer overflow attempt (server-other.rules)
* 1:27224 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion websocket invoke method access (server-other.rules)
* 1:27225 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion JRun error page getWriter denial of service attempt (server-other.rules)
* 1:27226 <-> DISABLED <-> SERVER-WEBAPP DokuWiki PHP file inclusion attempt (server-webapp.rules)
* 1:27231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:27237 <-> DISABLED <-> SERVER-OTHER IPMI default username - root (server-other.rules)
* 1:27238 <-> DISABLED <-> SERVER-OTHER IPMI default username - admin (server-other.rules)
* 1:27239 <-> DISABLED <-> SERVER-OTHER IPMI default username - USERID (server-other.rules)
* 1:27240 <-> DISABLED <-> SERVER-OTHER multiple vendors IPMI RAKP username brute force attempt (server-other.rules)
* 1:27264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow 
attempt (server-other.rules) * 1:27532 <-> DISABLED <-> SERVER-MAIL Exim and Dovecot mail from remote command execution attempt (server-mail.rules) * 1:27539 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 234 buffer overflow attempt (server-other.rules) * 1:27552 <-> DISABLED <-> OS-MOBILE Android Exploit Extra_Field APK file download attempt (os-mobile.rules) * 1:27571 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 235 buffer overflow attempt (server-other.rules) * 1:27572 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27573 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27574 <-> ENABLED <-> SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (server-apache.rules) * 1:27575 <-> ENABLED <-> SERVER-APACHE Apache Struts arbitrary OGNL remote code execution attempt (server-apache.rules) * 1:27617 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 264 buffer overflow attempt (server-other.rules) * 1:27621 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27622 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27623 <-> DISABLED <-> SERVER-OTHER Joomla media.php arbitrary file upload attempt (server-other.rules) * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules) * 1:27667 <-> DISABLED <-> SERVER-WEBAPP Joomla media.php file.upload direct administrator access attempt (server-webapp.rules) * 1:27672 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27673 <-> ENABLED <-> FILE-JAVA Oracle Java 2D 
ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27674 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27675 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27676 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27677 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27688 <-> DISABLED <-> SERVER-WEBAPP mxBB MX Faq module_root_path file inclusion attempt (server-webapp.rules) * 1:27691 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27692 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27750 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27751 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27753 <-> DISABLED <-> SERVER-WEBAPP Click N Print Coupons coupon_detail.asp SQL injection attempt (server-webapp.rules) * 1:27756 <-> DISABLED <-> SERVER-WEBAPP RedHat Piranha Virtual Server Package default passwd and arbitrary command execution attempt (server-webapp.rules) * 1:27769 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 207 buffer overflow attempt (server-other.rules) * 1:27770 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 210 buffer overflow attempt (server-other.rules) * 1:27771 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 236 buffer overflow attempt (server-other.rules) * 1:27772 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 243 
buffer overflow attempt (server-other.rules) * 1:27773 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 265 buffer overflow attempt (server-other.rules) * 1:27861 <-> DISABLED <-> SERVER-ORACLE Oracle Enterprise Manager Database Control directory traversal attempt (server-oracle.rules) * 1:27862 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules) * 1:27863 <-> DISABLED <-> SERVER-WEBAPP Ektron CMS XSLT transform remote code execution attempt (server-webapp.rules) * 1:27921 <-> DISABLED <-> SERVER-ORACLE Oracle Endeca Server createDataStore remote command injection attempt (server-oracle.rules) * 1:27937 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateCertificatesServlet directory traversal attempt (server-other.rules) * 1:27941 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateDomainControllerServlet directory traversal attempt (server-other.rules) * 1:27942 <-> ENABLED <-> SERVER-WEBAPP Sophos Web Protection Appliance sblistpack arbitrary command execution attempt (server-webapp.rules) * 1:28047 <-> DISABLED <-> SERVER-WEBAPP RaidSonic Multiple Products arbitrary command injection attempt (server-webapp.rules) * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules) * 1:28093 <-> DISABLED <-> SERVER-WEBAPP Western Digital Arkeia Appliance directory traversal attempt (server-webapp.rules) * 1:28124 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules) * 1:28137 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:28145 <-> DISABLED <-> SERVER-WEBAPP OpenEMR information disclosure attempt (server-webapp.rules) * 1:28149 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file deletion (server-other.rules) * 1:28150 <-> DISABLED <-> SERVER-OTHER Quest Software Big 
Brother attempted arbitrary file upload (server-other.rules) * 1:28165 <-> DISABLED <-> PROTOCOL-VOIP attempted DOS detected (protocol-voip.rules) * 1:28227 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules) * 1:28251 <-> DISABLED <-> SERVER-WEBAPP Zabbix httpmon.php SQL injection attempt (server-webapp.rules) * 1:28252 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:28263 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:28276 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:28277 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:28278 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules) * 1:28289 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R root remote code execution attempt (server-webapp.rules) * 1:28290 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R iwpriv remote code execution attempt (server-webapp.rules) * 1:28361 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:28388 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28389 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:28394 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28395 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt 
(server-other.rules) * 1:28396 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28397 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28398 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28407 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center BIMS UploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:28427 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28448 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center BIMS bimsDownload directory traversal attempt (server-webapp.rules) * 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:28464 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28465 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28466 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28467 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28468 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28469 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28470 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28471 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 
1:28472 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28473 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28525 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28526 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28575 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28576 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules) * 1:28597 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules) * 1:28621 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:28622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:28623 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:28624 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:28625 <-> DISABLED 
<-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules) * 1:28633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:28642 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28643 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:28709 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:28746 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SXPG_CALL_SYSTEM remote code execution attempt (server-webapp.rules) * 1:28747 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules) * 1:28748 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules) * 1:28790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D stream memory corruption attempt (file-pdf.rules) * 1:28794 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules) * 1:28818 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules) * 1:28819 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules) * 1:28831 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules) * 1:28833 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:28834 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:28835 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:28836 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro 
wintab32.dll dll-load exploit attempt (file-other.rules) * 1:28837 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules) * 1:28839 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:28840 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:28841 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:28842 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules) * 1:28843 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28844 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28871 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules) * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow 
attempt (file-other.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28908 <-> DISABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules) * 1:28909 <-> DISABLED <-> SERVER-WEBAPP OTManager ADM_Pagina.php remote file include attempt (server-webapp.rules) * 1:28910 <-> DISABLED <-> SERVER-WEBAPP mcRefer install.php arbitrary PHP code injection attempt (server-webapp.rules) * 1:28912 <-> DISABLED <-> SERVER-WEBAPP Joomla simple RSS reader admin.rssreader.php remote file include attempt (server-webapp.rules) * 1:28915 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules) * 1:28916 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules) * 1:28917 <-> DISABLED <-> PROTOCOL-SCADA Microsys Promotic directory traversal attempt (protocol-scada.rules) * 1:28936 <-> DISABLED <-> SERVER-WEBAPP Horde groupware webmail edition ingo filter cross-site request forgery attempt (server-webapp.rules) * 1:28937 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope issuesiebelcmd soap request code execution attempt (server-webapp.rules) * 1:28942 <-> DISABLED <-> SERVER-WEBAPP BoonEx Dolphin 6.1.2 remote file include attempt (server-webapp.rules) * 1:28943 <-> DISABLED <-> SERVER-WEBAPP BoonEx Dolphin 6.1.2 remote file include attempt (server-webapp.rules) * 1:28944 <-> DISABLED <-> SERVER-WEBAPP BoonEx Dolphin 6.1.2 remote file include attempt (server-webapp.rules) * 1:28946 <-> DISABLED <-> SERVER-WEBAPP Microsoft 
Sharepoint server callback function cross-site scripting attempt (server-webapp.rules) * 1:28956 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks configuration management umaninv information disclosure attempt (server-webapp.rules) * 1:28957 <-> DISABLED <-> SERVER-WEBAPP RSS-aggregator display.php remote file include attempt (server-webapp.rules) * 1:28961 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules) * 1:28962 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules) * 1:28993 <-> DISABLED <-> PROTOCOL-VOIP Sipvicious User-Agent detected (protocol-voip.rules) * 1:28998 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules) * 1:28999 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules) * 1:29005 <-> DISABLED <-> SERVER-WEBAPP IBM Platform Symphony SOAP request processing buffer overflow attempt (server-webapp.rules) * 1:29014 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:29017 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules) * 1:29018 <-> DISABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin getReport SQL injection attempt (server-webapp.rules) * 1:29019 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules) * 1:29028 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules) * 1:29029 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt 
(server-mssql.rules) * 1:29040 <-> DISABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29041 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules) * 1:29042 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules) * 1:29061 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules) * 1:29062 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules) * 1:29110 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway save.do cross site request forgery attempt (server-webapp.rules) * 1:29118 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger Server process memory information disclosure attempt (server-webapp.rules) * 1:29141 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:29142 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:29182 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29183 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29184 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29185 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules) * 1:29192 <-> DISABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29193 <-> DISABLED <-> SERVER-WEBAPP Zimbra remote code execution 
attempt (server-webapp.rules) * 1:29207 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29208 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29209 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29210 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29211 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29212 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules) * 1:29267 <-> DISABLED <-> SERVER-WEBAPP Nagios3 statuswml.cgi remote command execution attempt (server-webapp.rules) * 1:29277 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29278 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29279 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29280 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29296 <-> ENABLED <-> SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt (server-webapp.rules) * 1:29297 <-> ENABLED <-> SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt (server-webapp.rules) * 1:29362 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules) * 1:29387 <-> ENABLED <-> SERVER-WEBAPP Synology DiskStation Manager SLICEUPLOAD remote command execution attempt (server-webapp.rules) * 1:29390 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt 
(server-webapp.rules) * 1:29391 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules) * 1:29392 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules) * 1:29400 <-> DISABLED <-> SERVER-WEBAPP vTiger CRM AddEmailAttachment directory traversal attempt (server-webapp.rules) * 1:29409 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:29410 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:29418 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules) * 1:29419 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules) * 1:29465 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29466 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29467 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29468 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29485 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29486 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29487 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29488 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29490 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29491 <-> ENABLED <-> 
FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules) * 1:29498 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center sdFileDownload information disclosure attempt (server-webapp.rules) * 1:29499 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center sdFileDownload information disclosure attempt (server-webapp.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:29537 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information 
disclosure attempt (server-webapp.rules)
* 1:29570 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29571 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29572 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29573 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29574 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29575 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29577 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29581 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules)
* 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29605 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
* 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
* 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
* 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
* 1:29622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
* 1:29639 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:29647 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules)
* 1:29648 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules)
* 1:29649 <-> DISABLED <-> SERVER-APACHE Apache Roller allowStaticMethodAccess invocation attempt (server-apache.rules)
* 1:29669 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules)
* 1:29746 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway languagetest.php language parameter directory traversal attempt (server-webapp.rules)
* 1:29750 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
* 1:29751 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
* 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
* 1:29756 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules)
* 1:29792 <-> DISABLED <-> SERVER-OTHER Novell iPrint Server remote code execution attempt (server-other.rules)
* 1:29798 <-> DISABLED <-> SERVER-WEBAPP CuteFlow pre-authenticated admin account creation attempt (server-webapp.rules)
* 1:29799 <-> DISABLED <-> SERVER-WEBAPP CuteFlow pre-authenticated admin account creation attempt (server-webapp.rules)
* 1:29808 <-> DISABLED <-> SERVER-WEBAPP Nagios XI alert cloud cross site scripting attempt (server-webapp.rules)
* 1:29823 <-> DISABLED <-> OS-WINDOWS Microsoft Windows secure channel malformed certificate request memory corruption attempt (os-windows.rules)
* 1:29937 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules)
* 1:29939 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules)
* 1:29940 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules)
* 1:29941 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules)
* 1:29942 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules)
* 1:29946 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
* 1:29947 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
* 1:29948 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
* 1:29950 <-> DISABLED <-> SERVER-OTHER TP-Link TL-WR740N wireless router remote denial of service attempt (server-other.rules)
* 1:29967 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules)
* 1:29968 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules)
* 1:29992 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT120N tmUnblock.cgi TM_Block_URL parameter fprintf stack buffer overflow attempt (server-webapp.rules)
* 1:30010 <-> DISABLED <-> SERVER-APACHE Apache Solr SolrResourceLoader directory traversal attempt (server-apache.rules)
* 1:30011 <-> DISABLED <-> SERVER-WEBAPP GE Proficy CIMPLICITY CimWebServer remote code execution attempt (server-webapp.rules)
* 1:30012 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
* 1:30013 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
* 1:30031 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino stack buffer overflow attempt (server-webapp.rules)
* 1:30032 <-> DISABLED <-> SERVER-OTHER Borland VisiBroker Smart Agent heap overflow attempt (server-other.rules)
* 1:30150 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
* 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
* 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
* 1:30199 <-> DISABLED <-> SERVER-WEBAPP PHP DateInterval heap buffer overread denial of service attempt (server-webapp.rules)
* 1:30200 <-> DISABLED <-> SERVER-WEBAPP PHP DateInterval heap buffer overread denial of service attempt (server-webapp.rules)
* 1:30205 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules)
* 1:30206 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules)
* 1:30207 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules)
* 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:30263 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30265 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30266 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30267 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30268 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30280 <-> DISABLED <-> SERVER-WEBAPP FreePBX config.php remote code execution attempt (server-webapp.rules)
* 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
* 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
* 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
* 1:30294 <-> DISABLED <-> SERVER-WEBAPP SePortal poll.php SQL injection attempt (server-webapp.rules)
* 1:30295 <-> DISABLED <-> SERVER-WEBAPP SePortal print.php SQL injection attempt (server-webapp.rules)
* 1:30296 <-> DISABLED <-> SERVER-WEBAPP SePortal staticpages.php SQL injection attempt (server-webapp.rules)
* 1:30305 <-> DISABLED <-> SERVER-WEBAPP Horde Framework variables.php unserialize PHP code execution attempt (server-webapp.rules)
* 1:30307 <-> DISABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules)
* 1:30329 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules)
* 1:30330 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules)
* 1:30343 <-> DISABLED <-> SERVER-WEBAPP Joomla weblinks-categories SQL injection attempt (server-webapp.rules)
* 1:30526 <-> DISABLED <-> SERVER-WEBAPP Joomla komento extension cross site scripting attempt (server-webapp.rules)
* 1:30527 <-> DISABLED <-> SERVER-WEBAPP Joomla komento extension cross site scripting attempt (server-webapp.rules)
* 1:30528 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:30529 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:30774 <-> DISABLED <-> SERVER-WEBAPP Splunk collect file parameter directory traversal attempt (server-webapp.rules)
* 1:30790 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30792 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30797 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 RETR bkbcopyd buffer overflow attempt (protocol-scada.rules)
* 1:30798 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 STOR bkbcopyd buffer overflow attempt (protocol-scada.rules)
* 1:30799 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 ATTR bkbcopyd buffer overflow attempt (protocol-scada.rules)
* 1:30800 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 XATR bkbcopyd buffer overflow attempt (protocol-scada.rules)
* 1:30801 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 PMODE bkbcopyd buffer overflow attempt (protocol-scada.rules)
* 1:30802 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 bkclogserv buffer overflow attempt (protocol-scada.rules)
* 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
* 1:30876 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:30877 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:30928 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver dir content listing attempt (server-other.rules)
* 1:30944 <-> DISABLED <-> SERVER-APACHE Apache Struts CookieInterceptor classloader access attempt (server-apache.rules)
* 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
* 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
* 1:31021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules)
* 1:31022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules)
* 1:31056 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WEP key enumeration attempt (protocol-snmp.rules)
* 1:31057 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WPA key enumeration attempt (protocol-snmp.rules)
* 1:31058 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntName enumeration attempt (protocol-snmp.rules)
* 1:31059 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntPassword enumeration attempt (protocol-snmp.rules)
* 1:31067 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess ChartThemeConfig SQL injection attempt (server-webapp.rules)
* 1:31068 <-> DISABLED <-> SERVER-OTHER F5 BIG-IP iControl API hostname command injection attempt (server-other.rules)
* 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (protocol-snmp.rules)
* 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (protocol-snmp.rules)
* 1:31097 <-> DISABLED <-> PROTOCOL-SNMP CableHome Devices cabhPsDevUIPassword enumeration attempt (protocol-snmp.rules)
* 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (protocol-snmp.rules)
* 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (protocol-snmp.rules)
* 1:31100 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (protocol-snmp.rules)
* 1:31103 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31104 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31105 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31106 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (protocol-ftp.rules)
* 1:31143 <-> DISABLED <-> SERVER-WEBAPP CA ERwin Web Portal ConfigServiceProvider directory traversal attempt (server-webapp.rules)
* 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:31157 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (server-webapp.rules)
* 1:31158 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (server-webapp.rules)
* 1:31159 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (server-webapp.rules)
* 1:31160 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (server-webapp.rules)
* 1:31176 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
* 1:31177 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
* 1:31178 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
* 1:31179 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
* 1:31195 <-> DISABLED <-> SERVER-WEBAPP VMTurbo Operations Manager directory traversal attempt (server-webapp.rules)
* 1:31210 <-> ENABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller close_window.cgi buffer overflow attempt (server-webapp.rules)
* 1:31211 <-> ENABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller close_window.cgi buffer overflow attempt (server-webapp.rules)
* 1:31259 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller url_redirect.cgi directory traversal attempt (server-webapp.rules)
* 1:31300 <-> ENABLED <-> SERVER-OTHER Xerox DocuShare SQL injection attempt (server-other.rules)
* 1:31305 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center fileRequestor directory traversal attempt (server-webapp.rules)
* 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd update_system_info_debian_package command injection attempt (server-webapp.rules)
* 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
* 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules)
* 1:31360 <-> DISABLED <-> SERVER-WEBAPP PHP include parameter remote file include attempt (server-webapp.rules)
* 1:31362 <-> DISABLED <-> SERVER-WEBAPP MiniBB PHP arbitrary remote code execution attempt (server-webapp.rules)
* 1:31363 <-> DISABLED <-> SERVER-WEBAPP MF Piadas admin.php page parameter PHP remote file include attempt (server-webapp.rules)
* 1:31364 <-> DISABLED <-> SERVER-WEBAPP FlashGameScript index.php func parameter PHP remote file include attempt (server-webapp.rules)
* 1:31366 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules)
* 1:31367 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules)
* 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
* 1:31377 <-> DISABLED <-> SERVER-WEBAPP PHP includedir parameter remote file include attempt (server-webapp.rules)
* 1:31378 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules)
* 1:31379 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules)
* 1:31411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules)
* 1:31412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules)
* 1:31413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules)
* 1:31414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules)
* 1:31415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules)
* 1:31416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules)
* 1:31425 <-> DISABLED <-> SERVER-WEBAPP PHP Simple Shop abs_path parameter PHP remote file include attempt (server-webapp.rules)
* 1:31426 <-> DISABLED <-> SERVER-WEBAPP Jevontech PHPenpals PersonalID SQL injection attempt (server-webapp.rules)
* 1:31429 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint server callback function cross-site scripting attempt (server-webapp.rules)
* 1:31439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules)
* 1:31440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules)
* 1:31443 <-> DISABLED <-> SERVER-WEBAPP ActiveState ActivePerl perlIIS.dll server URI buffer overflow attempt (server-webapp.rules)
* 1:31497 <-> DISABLED <-> SERVER-WEBAPP Oracle Event Processing FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:31498 <-> DISABLED <-> SERVER-WEBAPP Oracle Event Processing FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:31505 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_license command injection attempt (server-webapp.rules)
* 1:31506 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_log_line command injection attempt (server-webapp.rules)
* 1:31519 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31520 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31521 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31522 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31523 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31524 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31525 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (server-other.rules)
* 1:31526 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (server-other.rules)
* 1:31529 <-> ENABLED <-> SERVER-OTHER D-Link Multiple Products HNAP request buffer overflow attempt (server-other.rules)
* 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31537 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules)
* 1:31540 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:31542 <-> DISABLED <-> SERVER-WEBAPP D-Link Multiple Products info.cgi request buffer overflow attempt (server-webapp.rules)
* 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules)
* 1:31562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules)
* 1:31565 <-> DISABLED <-> SERVER-WEBAPP Flashchat aedatingCMS2.php remote file include attempt (server-webapp.rules)
* 1:31566 <-> DISABLED <-> SERVER-WEBAPP Flashchat aedatingCMS.php remote file include attempt (server-webapp.rules)
* 1:31567 <-> DISABLED <-> SERVER-WEBAPP Gitlist remote command injection attempt (server-webapp.rules)
* 1:31569 <-> DISABLED <-> SERVER-WEBAPP Tiki Wiki 8.3 unserialize PHP remote code execution attempt (server-webapp.rules)
* 1:31570 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB mysql.cc buffer overflow attempt (server-mysql.rules)
* 1:31588 <-> DISABLED <-> SERVER-WEBAPP D-Link Multiple Products hedwig.cgi cookie buffer overflow attempt (server-webapp.rules)
* 1:31637 <-> DISABLED <-> SERVER-WEBAPP Ad Fundum Integrateable News Script remote include path attempt (server-webapp.rules)
* 1:31638 <-> DISABLED <-> SERVER-WEBAPP Voodoo Chat index.php remote include path attempt (server-webapp.rules)
* 1:31647 <-> DISABLED <-> SERVER-WEBAPP AVM FritzBox webcm command injection attempt (server-webapp.rules)
* 1:31648 <-> DISABLED <-> SERVER-WEBAPP AVM FritzBox webcm command injection attempt (server-webapp.rules)
* 1:31651 <-> DISABLED <-> SERVER-WEBAPP VMTurbo Operations Manager vmtadmin.cgi command injection attempt (server-webapp.rules)
* 1:31652 <-> DISABLED <-> SERVER-WEBAPP VMTurbo Operations Manager vmtadmin.cgi command injection attempt (server-webapp.rules)
* 1:31686 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31696 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
* 1:31698 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47815 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor LicenseServlet directory traversal attempt (server-webapp.rules)
* 1:47826 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules)
* 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
* 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (policy-other.rules)
* 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
* 1:47814 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet directory traversal attempt (server-webapp.rules)
* 1:47820 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules)
* 1:47822 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan outbound attempt (malware-cnc.rules)
* 1:47829 <-> ENABLED <-> SERVER-OTHER JBoss Richfaces expression language injection attempt (server-other.rules)
* 1:47817 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (server-webapp.rules)
* 1:47843 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Adwind variant outbound connection (malware-cnc.rules)
* 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47831 <-> DISABLED <-> SERVER-WEBAPP phpmyadmin post-authentication local file inclusion attempt (server-webapp.rules)
* 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47851 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SystemCollector privilege escalation attempt (os-windows.rules)
* 1:47813 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet directory traversal attempt (server-webapp.rules)
* 1:47816 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor LicenseServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules)
* 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47837 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (malware-cnc.rules)
* 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules)
* 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47824 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules)
* 1:47827 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
* 1:47819 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (server-webapp.rules)
* 1:47836 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (malware-cnc.rules)
* 1:47835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (malware-cnc.rules)
* 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules)
* 1:47825 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules)
* 1:47850 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SystemCollector privilege escalation attempt (os-windows.rules)
* 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules)
* 1:47812 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet arbitrary JSP file upload attempt (server-webapp.rules)
* 1:47821 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules)
* 1:47832 <-> DISABLED <-> SERVER-WEBAPP WordPress Responsive Thumbnail Slider arbitrary PHP file upload attempt (server-webapp.rules)
* 1:47828 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules)
* 1:47818 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (server-webapp.rules)
* 3:47842 <-> ENABLED <-> PROTOCOL-DNS TRUFFLEHUNTER TALOS-2018-0681 attack attempt (protocol-dns.rules)
* 3:47840 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0680 attack attempt (file-other.rules)
* 3:47841 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0680 attack attempt (file-other.rules)
* 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules)
* 1:46640 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Worm.Brontok outbound HTTP request attempt (indicator-compromise.rules)
* 1:46482 <-> ENABLED <-> MALWARE-CNC Installation Keylogger Osx.Trojan.Mokes data exfiltration (malware-cnc.rules)
* 1:34160 <-> DISABLED <-> SERVER-OTHER Oracle Outside In Paradox database denial of service attempt (server-other.rules)
* 1:33009 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules)
* 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
* 1:35702 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:36527 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
* 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules)
* 1:37943 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules)
* 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:34358 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL SonicOS macIpSpoofView cross site scripting attempt (server-webapp.rules)
* 1:34104 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
* 1:32276 <-> DISABLED <-> SERVER-WEBAPP WordPress Infusionsoft Gravity Forms Plugin arbitrary code execution attempt (server-webapp.rules)
* 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:33074 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules)
* 1:32346 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules)
* 1:36507 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:32753 <-> ENABLED <-> SERVER-WEBAPP FreePBX Framework Asterisk recording interface PHP unserialize code execution attempt (server-webapp.rules)
* 1:34375 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules)
* 1:34106 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
* 1:35532 <-> DISABLED <-> SERVER-WEBAPP Apache HTTP server mod_cache denial of service attempt (server-webapp.rules)
* 1:34938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:36562 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
* 1:32739 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
* 1:31882 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
* 1:32744 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer DisplayChartPDF directory traversal attempt (server-webapp.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:33938 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS send_test_email command injection attempt (server-webapp.rules)
* 1:35033 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite remote file include attempt (server-webapp.rules)
* 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules)
* 1:38012 <-> DISABLED <-> SERVER-WEBAPP Alienvault OSSIM graph_geoloc.php SQL injection attempt (server-webapp.rules)
* 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules)
* 1:34619 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules)
* 1:34806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:36900 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (server-webapp.rules)
* 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36564 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules)
* 1:34426 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
* 1:32076 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules)
* 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (protocol-snmp.rules)
* 1:38266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules)
* 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
* 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:32582 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules)
* 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules)
* 1:32885 <-> DISABLED <-> SERVER-WEBAPP Enalean Tuleap PHP unserialize code execution attempt (server-webapp.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:32961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
* 1:32324 <-> DISABLED <-> SERVER-WEBAPP WordPress Custom Contact Forms plugin arbitrary SQL execution attempt (server-webapp.rules)
* 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:37134 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
* 1:32403 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules)
* 1:37939 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:37934 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (protocol-ftp.rules)
* 1:32044 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules)
* 1:37242 <-> ENABLED <-> SERVER-WEBAPP D-Link DCS-900 Series Network Camera arbitrary file upload attempt (server-webapp.rules)
* 1:32235 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:34493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:31747 <-> DISABLED <-> SERVER-WEBAPP Gitlab ssh key upload command injection attempt (server-webapp.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:34159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules)
* 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:35374 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:34525 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
* 1:31879 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules)
* 1:31731 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway dbutils.php SQL injection attempt (server-webapp.rules)
* 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
* 1:34486 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:38274 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
* 1:34620 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
* 1:34359 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (server-webapp.rules)
* 1:31729 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Password Manager MetadataServlet SQL injection attempt (server-webapp.rules)
* 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:34526 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
* 1:34167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:47744 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup CustomerPortalService.pm command injection attempt (server-webapp.rules)
* 1:32234 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:31987 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules)
* 1:33514 <-> DISABLED <-> SERVER-WEBAPP WordPress Photo Gallery PHP code execution attempt (server-webapp.rules)
* 1:36565 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules)
* 1:33653 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (server-webapp.rules)
* 1:35032 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite remote file include attempt (server-webapp.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:35049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:34350 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
* 1:37133 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
* 1:34527 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
* 1:33937 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules)
* 1:33039 <->
DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:34353 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:35048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules) * 1:34056 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:36261 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules) * 1:36529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:32109 <-> DISABLED <-> SERVER-WEBAPP Easy File Management stack buffer overflow attempt (server-webapp.rules) * 1:31765 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:33599 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules) * 1:36544 <-> DISABLED <-> SERVER-WEBAPP pChart script parameter directory traversal attempt (server-webapp.rules) * 1:35535 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules) * 1:36510 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules) * 1:33916 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (server-webapp.rules) * 1:33031 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules) * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt 
(policy-other.rules) * 1:33448 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (server-webapp.rules) * 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:33035 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules) * 1:34483 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:33581 <-> DISABLED <-> SERVER-WEBAPP nginx URI processing security bypass attempt (server-webapp.rules) * 1:33037 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:31798 <-> DISABLED <-> SERVER-WEBAPP HP Network Virtualization storedNtxFile directory traversal attempt (server-webapp.rules) * 1:33894 <-> DISABLED <-> SERVER-WEBAPP TWiki debugenableplugins arbitrary perl code injection attempt (server-webapp.rules) * 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules) * 1:35077 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules) * 1:38272 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:36528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:32323 <-> DISABLED <-> SERVER-WEBAPP WordPress Custom Contact Forms plugin SQL export attempt (server-webapp.rules) * 1:34899 <-> DISABLED 
<-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules) * 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules) * 1:34349 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:32352 <-> ENABLED <-> SERVER-WEBAPP Centreon displayServiceStatus.php command injection attempt (server-webapp.rules) * 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:35281 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:33006 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:35427 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules) * 1:33008 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33651 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (server-webapp.rules) * 1:34941 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:33573 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products FailOverHelperServlet information disclosure attempt (server-webapp.rules) * 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:33038 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules) * 1:33665 
<-> ENABLED <-> SERVER-OTHER HP Client Automation command injection attempt (server-other.rules) * 1:32974 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:36886 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:33032 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:32901 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (file-other.rules) * 1:32232 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules) * 1:34285 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense firewall_shaper cross site scripting attempt (server-webapp.rules) * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:31745 <-> DISABLED <-> SERVER-WEBAPP vTiger CRM install module command injection attempt (server-webapp.rules) * 1:34158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules) * 1:34352 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:34055 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34798 <-> DISABLED <-> SERVER-OTHER HP LoadRunner launcher.dll stack buffer overflow attempt (server-other.rules) * 1:33659 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules) * 1:34472 <-> DISABLED <-> SERVER-WEBAPP Symantec Critical System Protection SQL injection attempt (server-webapp.rules) * 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules) * 
1:33447 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (server-webapp.rules) * 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:32233 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules) * 1:37664 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules) * 1:32902 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (file-other.rules) * 1:38191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:34524 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules) * 1:35541 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules) * 1:32199 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 directory traversal attempt (server-other.rules) * 1:34940 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:34300 <-> ENABLED <-> SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (server-webapp.rules) * 1:31818 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral statusUpdate servlet directory traversal attempt (server-webapp.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:45399 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (file-other.rules) * 1:35253 <-> DISABLED <-> SERVER-OTHER LibreOffice Impress socket manager Use 
After Free attempt (server-other.rules) * 1:32084 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:35367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules) * 1:31730 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway dbutils.php SQL injection attempt (server-webapp.rules) * 1:36596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:37362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:35364 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules) * 1:35531 <-> DISABLED <-> SERVER-WEBAPP Apache HTTP server mod_cache denial of service attempt (server-webapp.rules) * 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules) * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:35704 <-> DISABLED <-> SERVER-WEBAPP Maarch LetterBox arbitrary PHP file upload attempt (server-webapp.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:35000 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules) * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules) * 1:32970 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (server-webapp.rules) * 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro 
u32ZLib.dll dll-load exploit attempt (file-other.rules) * 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:34169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules) * 1:34157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules) * 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules) * 1:31877 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:37830 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:31823 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM remote_task command injection attempt (server-webapp.rules) * 1:33197 <-> DISABLED <-> SERVER-OTHER BMC Track-It FileStorageService directory traversal attempt (server-other.rules) * 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules) * 1:34168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules) * 1:31956 <-> DISABLED <-> SERVER-WEBAPP Rejetto HttpFileServer command injection attempt (server-webapp.rules) * 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules) * 1:35094 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules) * 1:37854 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules) * 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load 
exploit attempt (file-other.rules) * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules) * 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules) * 1:33598 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules) * 1:31890 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules) * 1:38965 <-> DISABLED <-> SERVER-WEBAPP VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (server-webapp.rules) * 1:34376 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:33040 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules) * 1:31851 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules) * 1:33011 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:32628 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:34360 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (server-webapp.rules) * 1:35399 <-> DISABLED <-> SERVER-WEBAPP WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt (server-webapp.rules) * 1:36191 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP 
integer overflow attempt (file-pdf.rules) * 1:32745 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer information disclosure attempt (server-webapp.rules) * 1:33036 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:37096 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules) * 1:33033 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:35429 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules) * 1:35014 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXMLTrapsForVendor.php SQL injection attempt (server-webapp.rules) * 1:43674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:34635 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules) * 1:34846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules) * 1:35442 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules) * 1:36508 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules) * 1:34799 <-> ENABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (server-webapp.rules) * 1:36613 <-> DISABLED <-> SERVER-WEBAPP McAfee Cloud Single Sign ExtensionAccessServlet directory traversal attempt (server-webapp.rules) * 1:37832 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:35533 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules) * 1:34942 <-> 
DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:32962 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:31912 <-> DISABLED <-> SERVER-WEBAPP cPanel 9.01 multiple URI parameters cross site scripting attempt (server-webapp.rules) * 1:37941 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules) * 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules) * 1:34492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:35279 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules) * 1:32738 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:33676 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway restore.php command injection attempt (server-webapp.rules) * 1:36025 <-> DISABLED <-> SERVER-OTHER Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt (server-other.rules) * 1:36901 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (server-webapp.rules) * 1:35016 <-> ENABLED <-> SERVER-WEBAPP Centreon cmdGetExample.php SQL injection attempt (server-webapp.rules) * 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules) * 1:43675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules) * 1:35372 <-> 
DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules) * 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules) * 1:34351 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:31881 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:34495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:37803 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:33917 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (server-webapp.rules) * 1:31743 <-> DISABLED <-> SERVER-WEBAPP Wordpress WPTouch file upload remote code execution attempt (server-webapp.rules) * 1:34284 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense firewall_rules cross site scripting attempt (server-webapp.rules) * 1:31986 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules) * 1:32057 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules) * 1:37097 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules) * 1:32975 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:31852 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:34634 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt 
(server-webapp.rules) * 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:34481 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:32059 <-> ENABLED <-> PROTOCOL-SCADA KingSCADA Alarm Server stack buffer overflow attempt (protocol-scada.rules) * 1:33812 <-> ENABLED <-> SERVER-WEBAPP Seagate NAS remote code execution attempt (server-webapp.rules) * 1:34373 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:34184 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense services_unbound_acls cross site scripting attempt (server-webapp.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules) * 1:32351 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules) * 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules) * 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules) * 1:34487 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:37855 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:33010 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt 
(file-other.rules) * 1:34482 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:34939 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:36885 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules) * 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:32968 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (server-webapp.rules) * 1:32530 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:33034 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules) * 1:31880 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:33087 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:34569 <-> DISABLED <-> SERVER-WEBAPP Wordpress Creative Contact Form arbitrary PHP file upload attempt (server-webapp.rules) * 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules) * 1:33007 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife 
iPhoto Photocast XML format string code injection attempt (file-multimedia.rules) * 1:31878 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:33446 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (server-webapp.rules) * 1:37857 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules) * 1:32528 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts directory traversal attempt (server-webapp.rules) * 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:34603 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:38229 <-> DISABLED <-> SERVER-WEBAPP Wordpress Simple Ads Manager sam-ajax-admin.php directory traversal attempt (server-webapp.rules) * 1:36530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:34485 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:35017 <-> ENABLED <-> SERVER-WEBAPP Centreon makeXML_ListMetrics.php SQL injection attempt (server-webapp.rules) * 1:34552 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:34805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules) * 1:36154 <-> DISABLED <-> FILE-FLASH 
Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:36854 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:36823 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server buffer overflow attempt (server-other.rules) * 1:33890 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules) * 1:37831 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:35443 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules) * 1:31889 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules) * 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:37665 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:34804 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:35940 <-> DISABLED <-> SERVER-WEBAPP PHP phar_parse_tarfile method integer overflow attempt (server-webapp.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:32886 <-> DISABLED <-> SERVER-WEBAPP Enalean Tuleap PHP unserialize code execution attempt (server-webapp.rules) * 1:38898 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (file-other.rules) * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:34484 <-> DISABLED <-> OS-OTHER 
QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:33832 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS getAlias.php command injection attempt (server-webapp.rules) * 1:33005 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33895 <-> DISABLED <-> SERVER-WEBAPP TWiki debugenableplugins arbitrary perl code injection attempt (server-webapp.rules) * 1:33652 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (server-webapp.rules) * 1:34845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules) * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules) * 1:36855 <-> ENABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules) * 1:31764 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:37942 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules) * 1:33657 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules) * 1:34633 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules) * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules) * 1:34943 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 1:37856 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules) * 1:38273 <-> DISABLED <-> FILE-OFFICE Microsoft 
Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:32350 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules) * 1:34374 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules) * 1:37098 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules) * 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules) * 1:33076 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules) * 1:37099 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules) * 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules) * 1:32887 <-> DISABLED <-> SERVER-WEBAPP ActualScripts ActualAnalyzer aa.php command injection attempt (server-webapp.rules) * 1:34166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules) * 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules) * 1:33597 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules) * 1:32964 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:33277 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules) * 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules) * 1:34139 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks configuration management file upload directory traversal attempt (server-other.rules) * 1:33029 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It 
buffer overflow attempt (file-other.rules) * 1:33632 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules) * 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules) * 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:36192 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:3519 <-> DISABLED <-> SERVER-MYSQL MaxDB WebSQL wppassword buffer overflow default port (server-mysql.rules) * 1:34577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:32342 <-> ENABLED <-> SERVER-OTHER AlienVault OSSIM framework backup_restore action command injection attempt (server-other.rules) * 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules) * 1:3518 <-> DISABLED <-> SERVER-MYSQL MaxDB WebSQL wppassword buffer overflow (server-mysql.rules) * 1:37690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules) * 1:32085 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules) * 1:46641 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Worm.Brontok outbound HTTP request attempt (indicator-compromise.rules) * 1:47033 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:46642 <-> ENABLED <-> MALWARE-CNC Win.Worm.Brontok user-agent outbound connection (malware-cnc.rules) * 1:604 <-> DISABLED <-> 
PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules) * 1:47032 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:494 <-> DISABLED <-> INDICATOR-COMPROMISE command completed (indicator-compromise.rules) * 1:33276 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules) * 1:33615 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:34000 <-> DISABLED <-> SERVER-WEBAPP Berta Content Management System PHP code execution attempt (server-webapp.rules) * 1:37937 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:33075 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules) * 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:35701 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules) * 1:38190 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34604 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (server-webapp.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:32527 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts directory traversal attempt (server-webapp.rules) * 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit 
attempt (file-other.rules) * 1:35440 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules) * 1:35015 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXmlTree.php SQL injection attempt (server-webapp.rules) * 1:33813 <-> DISABLED <-> SERVER-WEBAPP Eclipse Foundation Jetty HttpParser information disclosure attempt (server-webapp.rules) * 1:33279 <-> DISABLED <-> SERVER-WEBAPP McAfee ePolicy Orchestrator XML external entity injection attempt (server-webapp.rules) * 1:32377 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (file-office.rules) * 1:33853 <-> DISABLED <-> SERVER-WEBAPP D-Link multiple products ping.ccp command injection attempt (server-webapp.rules) * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules) * 1:36197 <-> DISABLED <-> SERVER-WEBAPP nginx SMTP proxy STARTTLS plaintext command injection attempt (server-webapp.rules) * 1:34999 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules) * 1:38351 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules) * 1:34606 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (server-webapp.rules) * 1:34105 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules) * 1:37829 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:33440 <-> DISABLED <-> SERVER-WEBAPP WordPress EasyCart PHP code execution attempt (server-webapp.rules) * 1:35418 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules) * 1:33889 <-> DISABLED <-> 
SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules) * 1:37833 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:36509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules) * 1:36563 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:32381 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:36262 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules) * 1:32963 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules) * 1:33041 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:32969 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (server-webapp.rules) * 1:38897 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (file-other.rules) * 1:38192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:37938 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:37828 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:37363 <-> DISABLED <-> SERVER-OTHER Java Library SpringFramework unauthorized serialized object attempt (server-other.rules) * 1:31651 <-> DISABLED <-> SERVER-WEBAPP VMTurbo Operations Manager vmtadmin.cgi command injection attempt (server-webapp.rules) * 1:33442 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream 
object name corruption attempt (file-office.rules) * 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:33012 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:34803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:34427 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules) * 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules) * 1:32619 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:34621 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules) * 1:34361 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (server-webapp.rules) * 1:34494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules) * 1:35375 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules) * 1:34578 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:33030 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:32563 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts arbitrary file upload attempt (server-webapp.rules) * 1:37940 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:34156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules) * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32742 <-> ENABLED <-> SERVER-WEBAPP Arris VAP2500 
tools_command.php command execution attempt (server-webapp.rules) * 1:35428 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules) * 1:34488 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules) * 1:33114 <-> DISABLED <-> SERVER-WEBAPP HP System Management Homepage cross site scripting attempt (server-webapp.rules) * 1:33935 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin privilege escalation attempt (server-webapp.rules) * 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:33278 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules) * 1:31945 <-> DISABLED <-> SERVER-WEBAPP PhpWiki Ploticus plugin command injection attempt (server-webapp.rules) * 1:39391 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:36059 <-> DISABLED <-> SERVER-WEBAPP PHP CDF file handling infinite loop dos attempt (server-webapp.rules) * 1:33915 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (server-webapp.rules) * 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules) * 1:35078 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules) * 1:33574 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products FailOverHelperServlet information disclosure attempt (server-webapp.rules) * 1:34580 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:33441 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:35534 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt 
(server-webapp.rules) * 1:31853 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A WPA key enumeration attempt (protocol-snmp.rules) * 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:32371 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:35441 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:31838 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules) * 1:31819 <-> DISABLED <-> SERVER-WEBAPP HP Network Virtualization toServerObject directory traversal attempt (server-webapp.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:33113 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory IMONITOR cross site scripting attempt (server-webapp.rules) * 1:35560 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules) * 1:32620 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:31892 <-> DISABLED <-> SERVER-WEBAPP HybridAuth install.php code injection attempt (server-webapp.rules) * 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules) * 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:34185 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense status_captiveportal cross site scripting attempt (server-webapp.rules) * 1:34363 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management GetStoredResult.class SQL injection attempt (server-webapp.rules) * 1:36155 <-> DISABLED 
<-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:36902 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (server-webapp.rules) * 1:34579 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules) * 1:33934 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin directory traversal attempt (server-webapp.rules) * 1:32581 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules) * 1:33896 <-> DISABLED <-> SERVER-WEBAPP OpenNMS XML external entity injection attempt (server-webapp.rules) * 1:32601 <-> DISABLED <-> SERVER-OTHER Hikvision DVR RTSP request buffer overflow attempt (server-other.rules) * 1:36614 <-> DISABLED <-> SERVER-WEBAPP McAfee Cloud Single Sign ExtensionAccessServlet directory traversal attempt (server-webapp.rules) * 1:34364 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules) * 1:35366 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:38189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:33658 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules) * 1:34215 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense diag_logs_filter cross site scripting attempt (server-webapp.rules) * 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal 
attempt (server-webapp.rules) * 1:35079 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules) * 1:34602 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules) * 1:35373 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:32014 <-> DISABLED <-> SERVER-WEBAPP GetSimpleCMS arbitrary PHP code execution attempt (server-webapp.rules) * 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules) * 1:35280 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules) * 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules) * 1:37148 <-> DISABLED <-> SERVER-WEBAPP WordPress Gallery Objects Plugin viewid SQL injection attempt (server-webapp.rules) * 1:38267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules) * 1:35365 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules) * 1:35417 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules) * 1:32971 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules) * 1:33936 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules) * 1:34471 <-> ENABLED <-> SERVER-WEBAPP Symantec Critical System Protection directory traversal attempt (server-webapp.rules) * 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules) * 1:34605 <-> DISABLED 
<-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (server-webapp.rules) * 1:32337 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:35944 <-> ENABLED <-> SERVER-MAIL IBM Domino BMP color palette stack buffer overflow attempt (server-mail.rules) * 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:31728 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central LinkViewFetchServlet SQL injection attempt (server-webapp.rules) * 1:31696 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules) * 1:31697 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules) * 1:31698 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules) * 1:8085 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules) * 1:8086 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules) * 1:8087 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules) * 1:8088 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules) * 1:8089 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules) * 1:8090 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules) * 1:8734 <-> DISABLED <-> SERVER-WEBAPP Pajax call_dispatcher className directory traversal attempt (server-webapp.rules) * 1:9620 <-> DISABLED <-> SERVER-WEBAPP Pajax call_dispatcher remote code 
execution attempt (server-webapp.rules) * 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:1209 <-> DISABLED <-> SERVER-WEBAPP .nsconfig access (server-webapp.rules) * 1:12286 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules) * 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules) * 1:12746 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules) * 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:13293 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules) * 1:13487 <-> DISABLED <-> PUA-ADWARE Adware elite protector runtime detection (pua-adware.rules) * 1:13816 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules) * 1:13817 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules) * 1:13818 <-> DISABLED <-> SERVER-WEBAPP PHP alternate xmlrpc.php command injection attempt (server-webapp.rules) * 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection - popup ads (malware-other.rules) * 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (malware-other.rules) * 1:13902 <-> DISABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (server-other.rules) * 1:13916 <-> DISABLED <-> SERVER-WEBAPP 
Alt-N SecurityGateway username buffer overflow attempt (server-webapp.rules) * 1:13925 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt (protocol-ftp.rules) * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules) * 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (pua-adware.rules) * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules) * 1:14230 <-> DISABLED <-> SERVER-WEBAPP SAP DB web server stack buffer overflow attempt (server-webapp.rules) * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA Multiple Schneider Electric SCADA products buffer overflow attempt (protocol-scada.rules) * 1:14607 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules) * 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules) * 1:1478 <-> DISABLED <-> SERVER-WEBAPP Simple Web Counter URI Parameter Buffer Overflow attempt (server-webapp.rules) * 1:1485 <-> DISABLED <-> SERVER-IIS mkilog.exe access (server-iis.rules) * 1:15472 <-> DISABLED <-> FILE-MULTIMEDIA Multiple MP3 player PLS buffer overflow attempt (file-multimedia.rules) * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules) * 1:15562 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:15896 <-> DISABLED <-> SERVER-OTHER Firebird SQL op_connect_request denial of service attempt (server-other.rules) * 1:15939 <-> DISABLED <-> SERVER-OTHER MSN 
Messenger IRC bot calling home attempt (server-other.rules) * 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:16098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.cekar variant outbound connection (malware-cnc.rules) * 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads (malware-other.rules) * 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (malware-cnc.rules) * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules) * 1:16231 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:16271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.1.Gen keepalive detection (malware-cnc.rules) * 1:16365 <-> DISABLED <-> PUA-ADWARE OnlineGames download attempt (pua-adware.rules) * 1:16366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:16494 <-> DISABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (pua-adware.rules) * 1:16498 <-> DISABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (pua-adware.rules) * 1:16598 <-> DISABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (server-other.rules) * 1:16606 <-> DISABLED <-> SERVER-ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (server-oracle.rules) * 1:16636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework XMLDsig data tampering attempt (os-windows.rules) * 1:16638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules) * 1:16665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Help Centre escape 
sequence XSS attempt (os-windows.rules) * 1:16688 <-> DISABLED <-> SERVER-OTHER iscsi target format string code execution attempt (server-other.rules) * 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (server-other.rules) * 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules) * 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (file-other.rules) * 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (file-other.rules) * 1:16727 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:16731 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16732 <-> DISABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (file-other.rules) * 1:16733 <-> DISABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (file-other.rules) * 1:16736 <-> DISABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (file-other.rules) * 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (file-multimedia.rules) * 1:16738 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (file-multimedia.rules) * 1:16751 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16752 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16753 <-> DISABLED <-> SERVER-WEBAPP VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (server-webapp.rules) * 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (file-other.rules) * 1:17103 <-> 
DISABLED <-> SERVER-IIS IIS 5.1 alternate data stream authentication bypass attempt (server-iis.rules)
* 1:17139 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System HNDLRSVC arbitrary command execution attempt (server-other.rules)
* 1:17155 <-> DISABLED <-> SERVER-OTHER Multiple vendors OPIE off-by-one stack buffer overflow attempt (server-other.rules)
* 1:17234 <-> ENABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
* 1:17235 <-> ENABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
* 1:17238 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XBM file handling buffer overflow attempt (file-other.rules)
* 1:17250 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules)
* 1:17256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows uniscribe fonts parsing memory corruption attempt (os-windows.rules)
* 1:17301 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules)
* 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:17373 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules)
* 1:17440 <-> DISABLED <-> SERVER-IIS RSA authentication agent for web redirect buffer overflow attempt (server-iis.rules)
* 1:17505 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
* 1:17506 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
* 1:17507 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules)
* 1:17560 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules)
* 1:17805 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Neeris.BF variant outbound connection (malware-cnc.rules)
* 1:18102 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules)
* 1:18222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules)
* 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:18247 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
* 1:18279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karagany.A variant outbound connection (malware-cnc.rules)
* 1:18281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.njz variant outbound connection (malware-cnc.rules)
* 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules)
* 1:18448 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules)
* 1:18451 <-> DISABLED <-> FILE-PDF Adobe Acrobat ICC color integer overflow attempt (file-pdf.rules)
* 1:18453 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
* 1:18457 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules)
* 1:18478 <-> DISABLED <-> SERVER-WEBAPP miniBB rss.php premodDir remote file include attempt (server-webapp.rules)
* 1:18479 <-> DISABLED <-> SERVER-WEBAPP miniBB rss.php pathToFiles remote file include attempt (server-webapp.rules)
* 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules)
* 1:18489 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules)
* 1:18506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules)
* 1:18507 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules)
* 1:18511 <-> DISABLED <-> SERVER-OTHER Sourcefire Snort packet fragmentation reassembly denial of service attempt (server-other.rules)
* 1:18524 <-> DISABLED <-> SERVER-OTHER Multiple vendor anti-virus extended ASCII filename scan bypass attempt (server-other.rules)
* 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:18529 <-> DISABLED <-> FILE-OTHER Adobe Premiere Pro ibfs32.dll dll-load exploit attempt (file-other.rules)
* 1:18530 <-> DISABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (file-other.rules)
* 1:18531 <-> DISABLED <-> SERVER-OTHER Multiple Vendors iacenc.dll dll-load exploit attempt (server-other.rules)
* 1:18532 <-> DISABLED <-> OS-WINDOWS Multiple Vendors iacenc.dll dll-load exploit attempt (os-windows.rules)
* 1:18535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (file-office.rules)
* 1:18562 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.LivePcCare variant outbound connection (malware-cnc.rules)
* 1:18575 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (protocol-ftp.rules)
* 1:18577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.agum variant outbound connection (malware-cnc.rules)
* 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules)
* 1:18618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar.dpvy/Parkchicers.A/Delf checkin (malware-cnc.rules)
* 1:18638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
* 1:18642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules)
* 1:18643 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules)
* 1:18707 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ControlCenter variant outbound connection (malware-cnc.rules)
* 1:18708 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AntivirusSoft variant outbound connection (malware-cnc.rules)
* 1:18709 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.aufm variant outbound connection (malware-cnc.rules)
* 1:18711 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.SecurityCentral variant outbound connection (malware-cnc.rules)
* 1:18712 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.XJRAntivirus variant outbound connection (malware-cnc.rules)
* 1:18715 <-> ENABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
* 1:18716 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.H variant outbound connection (malware-cnc.rules)
* 1:18717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.QO variant outbound connection (malware-cnc.rules)
* 1:18718 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AdvancedDefender variant outbound connection (malware-cnc.rules)
* 1:18719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.CBY variant outbound connection (malware-cnc.rules)
* 1:18720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Terzib.A variant outbound connection (malware-cnc.rules)
* 1:18723 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.CleanV variant outbound connection (malware-cnc.rules)
* 1:18724 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ZeroClean variant outbound connection (malware-cnc.rules)
* 1:18739 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Koobface.D variant outbound connection (malware-cnc.rules)
* 1:18753 <-> DISABLED <-> SERVER-OTHER Zend Server Java Bridge remote code execution attempt (server-other.rules)
* 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules)
* 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
* 1:18808 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server List Mailer Reply-To address buffer overflow attempt (server-mail.rules)
* 1:18934 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
* 1:18936 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win.Trojan.FakeAV (malware-cnc.rules)
* 1:18937 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win.Trojan.Krap (malware-cnc.rules)
* 1:18939 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:18940 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Sality (malware-cnc.rules)
* 1:18941 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - FakeAV (malware-cnc.rules)
* 1:18942 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MacProtector (malware-cnc.rules)
* 1:18943 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MacDefender (malware-cnc.rules)
* 1:18945 <-> DISABLED <-> MALWARE-CNC Virus.Win32.Feberr variant outbound connection (malware-cnc.rules)
* 1:18946 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBot.FC variant outbound connection (malware-cnc.rules)
* 1:18947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.FC variant outbound connection (malware-cnc.rules)
* 1:18952 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules)
* 1:18976 <-> DISABLED <-> MALWARE-CNC Rogue-Software.AVCare variant outbound connection (malware-cnc.rules)
* 1:18977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy variant outbound connection (malware-cnc.rules)
* 1:18978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pasta.aoq variant outbound connection (malware-cnc.rules)
* 1:18980 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules)
* 1:18981 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules)
* 1:18982 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules)
* 1:18984 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win32/Trojanclicker (malware-cnc.rules)
* 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:19016 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19017 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19018 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19019 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19021 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Win32.FraudLoad.dzm variant outbound connection (malware-cnc.rules)
* 1:19023 <-> DISABLED <-> MALWARE-CNC IRC.Zapchast.zwrc variant outbound connection (malware-cnc.rules)
* 1:19024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.StartPage variant outbound connection (malware-cnc.rules)
* 1:19025 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Banker.Win32.Bancos.etf variant outbound connection (malware-cnc.rules)
* 1:19027 <-> DISABLED <-> MALWARE-CNC BrowserModifier.Win32.Kerlofost variant outbound connection (malware-cnc.rules)
* 1:19028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mailbot variant outbound connection (malware-cnc.rules)
* 1:19030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uloadis variant outbound connection (malware-cnc.rules)
* 1:19031 <-> DISABLED <-> MALWARE-CNC iPRIVACY variant outbound connection (malware-cnc.rules)
* 1:19032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cornfemo variant outbound connection (malware-cnc.rules)
* 1:19033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cornfemo variant outbound connection (malware-cnc.rules)
* 1:19035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vilsel.baqb variant outbound connection (malware-cnc.rules)
* 1:19036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBrute.I variant outbound connection (malware-cnc.rules)
* 1:19037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBrute.I variant outbound connection (malware-cnc.rules)
* 1:19038 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
* 1:19039 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Linkbot.alr variant outbound connection (malware-cnc.rules)
* 1:19040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkbot.alr variant outbound connection (malware-cnc.rules)
* 1:19041 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.C variant outbound connection (malware-cnc.rules)
* 1:19042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.ACQE variant outbound connection (malware-cnc.rules)
* 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (pua-adware.rules)
* 1:19044 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (pua-adware.rules)
* 1:19045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.XQ variant outbound connection (malware-cnc.rules)
* 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (pua-adware.rules)
* 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
* 1:19048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkness variant outbound connection (malware-cnc.rules)
* 1:19050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.fxe variant outbound connection (malware-cnc.rules)
* 1:19052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
* 1:19053 <-> ENABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
* 1:19054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisron.nelo variant outbound connection (malware-cnc.rules)
* 1:19055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
* 1:19056 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:19057 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:19058 <-> ENABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
* 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (pua-adware.rules)
* 1:19060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ponmocup.A variant outbound connection (malware-cnc.rules)
* 1:19061 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Cashtitan contact to server attempt (pua-adware.rules)
* 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules)
* 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules)
* 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules)
* 1:19164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
* 1:19206 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
* 1:19225 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules)
* 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (pua-adware.rules)
* 1:19310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen3 variant outbound connection (malware-cnc.rules)
* 1:19312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aah variant outbound connection (malware-cnc.rules)
* 1:19328 <-> ENABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
* 1:19329 <-> DISABLED <-> MALWARE-CNC Faceback.exe variant outbound connection (malware-cnc.rules)
* 1:19330 <-> DISABLED <-> MALWARE-CNC Adclicker Win.Trojan.Zlob.dnz variant outbound connection (malware-cnc.rules)
* 1:19331 <-> DISABLED <-> MALWARE-CNC Adclicker Win.Trojan.Zlob.dnz variant outbound connection (malware-cnc.rules)
* 1:19332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clampi variant outbound connection (malware-cnc.rules)
* 1:19339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
* 1:19340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav TREAntivirus variant outbound connection (malware-cnc.rules)
* 1:19341 <-> DISABLED <-> MALWARE-CNC Worm MSIL.AiO.a variant outbound connection (malware-cnc.rules)
* 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules)
* 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules)
* 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules)
* 1:19345 <-> DISABLED <-> MALWARE-CNC REAnti variant outbound connection (malware-cnc.rules)
* 1:19346 <-> DISABLED <-> MALWARE-CNC Additional Guard variant outbound connection (malware-cnc.rules)
* 1:19348 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
* 1:19349 <-> DISABLED <-> MALWARE-CNC Fakeav Vaccineclear variant outbound connection (malware-cnc.rules)
* 1:19351 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
* 1:19352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.D variant outbound connection (malware-cnc.rules)
* 1:19353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
* 1:19357 <-> ENABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
* 1:19358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
* 1:19359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules)
* 1:19360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules)
* 1:19361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules)
* 1:19363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot.B variant outbound connection (malware-cnc.rules)
* 1:19366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HXWAN.A variant outbound connection (malware-cnc.rules)
* 1:19367 <-> DISABLED <-> MALWARE-CNC Win.Worm.Vaubeg.A variant outbound connection (malware-cnc.rules)
* 1:19368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
* 1:19369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
* 1:19370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
* 1:19371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.IC variant outbound connection (malware-cnc.rules)
* 1:19372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string javasw - Trojan.Banload (malware-cnc.rules)
* 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (pua-adware.rules)
* 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
* 1:19393 <-> DISABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
* 1:19394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tidserv variant outbound connection (malware-cnc.rules)
* 1:19395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Monkif.J inbound connection - dest ip infected (malware-cnc.rules)
* 1:19396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beastdoor.b variant outbound connection (malware-cnc.rules)
* 1:19397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UltimateDefender.xv variant outbound connection (malware-cnc.rules)
* 1:19398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BAT.Shutdown.ef variant outbound connection (malware-cnc.rules)
* 1:19399 <-> DISABLED <-> MALWARE-CNC Email Worm Win32.Zhelatin.ch variant outbound connection (malware-cnc.rules)
* 1:19400 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sddrop.D variant outbound connection (malware-cnc.rules)
* 1:19401 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sddrop.D variant outbound connection (malware-cnc.rules)
* 1:19402 <-> DISABLED <-> MALWARE-CNC P2P Worm.Win32.Malas.r variant outbound connection (malware-cnc.rules)
* 1:19404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ozdok variant outbound connection (malware-cnc.rules)
* 1:19426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Crypter.i variant outbound connection (malware-cnc.rules)
* 1:19427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.amjz variant outbound connection (malware-cnc.rules)
* 1:19428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Adload.BG variant outbound connection (malware-cnc.rules)
* 1:19429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
* 1:19433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fujacks.aw variant outbound connection (malware-cnc.rules)
* 1:19434 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrCode (malware-cnc.rules)
* 1:19435 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
* 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (pua-adware.rules)
* 1:19454 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWS.Win32.QQPass.IK variant outbound connection (malware-cnc.rules)
* 1:19456 <-> DISABLED <-> MALWARE-CNC Packed.Win32.Klone.bj variant outbound connection (malware-cnc.rules)
* 1:19457 <-> DISABLED <-> MALWARE-CNC Trojan-Clicker.Win32.Vesloruki.ajb variant outbound connection (malware-cnc.rules)
* 1:19458 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
* 1:19459 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
* 1:19476 <-> DISABLED <-> MALWARE-CNC Exploit.Win32.SqlShell.r variant outbound connection (malware-cnc.rules)
* 1:19477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap.af variant outbound connection (malware-cnc.rules)
* 1:19478 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Taterf.B variant outbound connection (malware-cnc.rules)
* 1:19479 <-> DISABLED <-> MALWARE-CNC Net-Worm.Win32.Piloyd.m variant outbound connection - request html (malware-cnc.rules)
* 1:19480 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
* 1:19481 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Agent.bx variant outbound connection (malware-cnc.rules)
* 1:19482 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
* 1:19483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reload.fy variant outbound connection (malware-cnc.rules)
* 1:19485 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RAV1 (malware-cnc.rules)
* 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (pua-adware.rules)
* 1:19487 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.kih variant outbound connection (malware-cnc.rules)
* 1:19488 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Failnum.A variant outbound connection (malware-cnc.rules)
* 1:19489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DeAlfa.fa variant outbound connection (malware-cnc.rules)
* 1:19490 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
* 1:19491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Genome.vau variant outbound connection (malware-cnc.rules)
* 1:19492 <-> DISABLED <-> MALWARE-CNC Windows System Defender variant outbound connection (malware-cnc.rules)
* 1:19493 <-> ENABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
* 1:19494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Licum variant outbound connection (malware-cnc.rules)
* 1:19495 <-> DISABLED <-> MALWARE-CNC Win.Worm.Pilleuz variant outbound connection (malware-cnc.rules)
* 1:19554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav Antivirus Xp Pro variant outbound connection (malware-cnc.rules)
* 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
* 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules)
* 1:19557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shark.ag variant outbound connection (malware-cnc.rules)
* 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules)
* 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules)
* 1:19568 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.PerfectKeylogger variant outbound connection (malware-cnc.rules)
* 1:19569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perkesh variant outbound connection (malware-cnc.rules)
* 1:19570 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ie 11.0 sp6 (malware-cnc.rules)
* 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (pua-adware.rules)
* 1:19572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FFSearch variant outbound connection (malware-cnc.rules)
* 1:19573 <-> DISABLED <-> MALWARE-CNC Win.Worm.Chiviper.C variant outbound connection (malware-cnc.rules)
* 1:19574 <-> DISABLED <-> MALWARE-CNC Win.Worm.Chiviper.C variant outbound connection (malware-cnc.rules)
* 1:19575 <-> DISABLED <-> MALWARE-CNC Win.Worm.Emold.U variant outbound connection (malware-cnc.rules)
* 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (pua-adware.rules)
* 1:19577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Dogrobot.E variant outbound connection (malware-cnc.rules)
* 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (pua-adware.rules)
* 1:19579 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
* 1:19580 <-> DISABLED <-> MALWARE-CNC Win.Worm.Basun.wsc inbound connection (malware-cnc.rules)
* 1:19581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Apher.gpd variant outbound connection (malware-cnc.rules)
* 1:19582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Apher.gpd variant outbound connection (malware-cnc.rules)
* 1:19583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bumat.rts variant outbound connection (malware-cnc.rules)
* 1:19584 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dref.C variant outbound connection (malware-cnc.rules)
* 1:19585 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dref.C variant outbound connection - notification (malware-cnc.rules)
* 1:19586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Agent.dlg variant outbound connection (malware-cnc.rules)
* 1:19587 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sereki.B variant outbound connection (malware-cnc.rules)
* 1:19588 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sereki.B successful connection (malware-cnc.rules)
* 1:19589 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
* 1:19590 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
* 1:19591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Powp.pyv variant outbound connection (malware-cnc.rules)
* 1:19592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:19593 <-> DISABLED <-> MALWARE-CNC Win.Worm.Agent.btxm variant outbound connection IRC (malware-cnc.rules)
* 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection (pua-adware.rules)
* 1:19595 <-> DISABLED <-> MALWARE-OTHER known malicious email string - You have received a Hallmark E-Card (malware-other.rules)
* 1:19596 <-> DISABLED <-> MALWARE-CNC Poison Ivy variant outbound connection (malware-cnc.rules)
* 1:19597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cws variant outbound connection (malware-cnc.rules)
* 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (pua-adware.rules)
* 1:19608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wisscmd.A variant outbound connection (malware-cnc.rules)
* 1:19611 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string INet - Win32.Virus.Jusabli.A (malware-cnc.rules)
* 1:19612 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.bvk variant outbound connection (malware-cnc.rules)
* 1:19613 <-> DISABLED <-> MALWARE-CNC Rogue Software Registry Cleaner Pro variant outbound connection (malware-cnc.rules)
* 1:19614 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBot.kkr variant outbound connection (malware-cnc.rules)
* 1:19615 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.kkr variant outbound connection (malware-cnc.rules)
* 1:19616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Win32.Banbra.mcq variant outbound connection (malware-cnc.rules)
* 1:19622 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
* 1:19623 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
* 1:19625 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
* 1:19626 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
* 1:19627 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
* 1:19628 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
* 1:19631 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
* 1:19632 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
* 1:19633 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
* 1:19635 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
* 1:19636 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
* 1:19637 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
* 1:19638 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
* 1:19652 <-> DISABLED <-> MALWARE-CNC Teevsock C variant outbound connection (malware-cnc.rules)
* 1:19654 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.wti variant outbound connection (malware-cnc.rules)
* 1:19655 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Agent.IK variant outbound connection (malware-cnc.rules)
* 1:19656 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Peace.lh variant outbound connection (malware-cnc.rules)
* 1:19657 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
* 1:19658 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
* 1:19659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soleseq.A variant outbound connection (malware-cnc.rules)
* 1:19660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riern.K variant outbound connection (malware-cnc.rules)
* 1:19695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.nec variant outbound connection (malware-cnc.rules)
* 1:19696 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot.nng inbound connection (malware-cnc.rules)
* 1:19697 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Win32.VB.btm variant outbound connection (malware-cnc.rules)
* 1:19698 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prosti.AG variant outbound connection (malware-cnc.rules)
* 1:19699 <-> DISABLED <-> MALWARE-CNC TrojanDownloader.Win32.Korklic.A variant outbound connection (malware-cnc.rules)
* 1:19700 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.tnr variant outbound connection (malware-cnc.rules)
* 1:19701 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hassar.A variant outbound connection (malware-cnc.rules)
* 1:19702 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
* 1:19703 <-> ENABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
* 1:19704 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
* 1:19705 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
* 1:19706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
* 1:19711 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:19712 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:19715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.URLZone variant outbound connection (malware-cnc.rules)
* 1:19716 <-> DISABLED <-> MALWARE-CNC TrojanSpy.Win32.Banker.OO variant outbound connection (malware-cnc.rules)
* 1:19717 <-> DISABLED <-> PUA-ADWARE Virus.Win32.Virut.ce outbound connection (pua-adware.rules)
* 1:19718 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.bkap variant outbound connection (malware-cnc.rules)
* 1:19719 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Bagle.of variant outbound connection (malware-cnc.rules)
* 1:19720 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Onestage.ws variant outbound connection (malware-cnc.rules)
* 1:19721 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.mlh variant outbound connection (malware-cnc.rules)
* 1:19722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
* 1:19723 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
* 1:19724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:19725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules)
* 1:19726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules)
* 1:19727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.DI variant outbound connection (malware-cnc.rules)
* 1:19728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yayih variant outbound connection (malware-cnc.rules)
* 1:19729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yayih variant outbound connection (malware-cnc.rules)
* 1:19730 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
* 1:19731 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
* 1:19732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
* 1:19733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.BRU variant outbound connection (malware-cnc.rules)
* 1:19739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Apptom variant outbound connection (malware-cnc.rules)
* 1:19740 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.aczu variant outbound connection (malware-cnc.rules)
* 1:19741 <-> DISABLED <-> MALWARE-OTHER PWS.Win32.Scofted keylogger runtime detection (malware-other.rules)
* 1:19742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.atff variant outbound connection (malware-cnc.rules)
* 1:19743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.eqlo variant outbound connection (malware-cnc.rules)
* 1:19744 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Deecee.a variant outbound connection (malware-cnc.rules)
* 1:19745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudLoad.dyl variant outbound connection (malware-cnc.rules)
* 1:19746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.biiw variant outbound connection (malware-cnc.rules)
* 1:19747 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.GGDoor.22 variant outbound connection (malware-backdoor.rules)
* 1:19748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.ULPM.Gen IRC variant outbound connection (malware-cnc.rules)
* 1:19749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.chgp variant outbound connection (malware-cnc.rules)
* 1:19750 <-> DISABLED <-> MALWARE-CNC PWS.Win32.Zbot.PJ variant outbound connection (malware-cnc.rules)
* 1:19751 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Sohanad.bm variant outbound connection (malware-cnc.rules)
* 1:19752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:19753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TrojanSpy.Win32.Zbot.gen.C variant outbound connection (malware-cnc.rules)
* 1:19754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Delf.RGL variant outbound connection (malware-cnc.rules)
* 1:19755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alphabet variant outbound connection (malware-cnc.rules)
* 1:19756 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
* 1:19757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.bqlu variant outbound connection (malware-cnc.rules)
* 1:19758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.yw variant outbound connection (malware-cnc.rules)
* 1:19759 <-> DISABLED <-> MALWARE-CNC Trojan-PSW.Win32.FireThief.h variant outbound connection (malware-cnc.rules)
* 1:19760 <-> DISABLED <-> MALWARE-CNC
Win.Trojan.Arsinfoder variant outbound connection (malware-cnc.rules) * 1:19761 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules) * 1:19762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (malware-cnc.rules) * 1:19763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (malware-cnc.rules) * 1:19764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (malware-cnc.rules) * 1:19765 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:19766 <-> DISABLED <-> MALWARE-CNC Win.Worm.Autorun variant outbound connection (malware-cnc.rules) * 1:19767 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules) * 1:19769 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules) * 1:19770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:19771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules) * 1:19772 <-> ENABLED <-> MALWARE-CNC Virus.Win32.Parite.B variant outbound connection (malware-cnc.rules) * 1:19773 <-> DISABLED <-> MALWARE-CNC Virus.Win32.Parite.B variant outbound connection (malware-cnc.rules) * 1:19774 <-> DISABLED <-> MALWARE-CNC Gen-Trojan.Heur variant outbound connection (malware-cnc.rules) * 1:19775 <-> DISABLED <-> PUA-ADWARE PWS.Win32.Ldpinch.gen outbound connection (pua-adware.rules) * 1:19776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent2.guy dropper variant outbound connection (malware-cnc.rules) * 1:19777 <-> DISABLED <-> PUA-ADWARE Fast Antivirus 2009 outbound connection (pua-adware.rules) * 1:19781 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Agent.aqpn variant outbound connection (malware-cnc.rules) * 1:19782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AVKill.bc variant outbound connection (malware-cnc.rules) * 1:19783 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Banload.agcw variant outbound connection (malware-cnc.rules) * 1:19784 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.sde variant outbound connection (malware-cnc.rules) * 1:19785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Malushka.T variant outbound connection (malware-cnc.rules) * 1:19786 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla (malware-cnc.rules) * 1:19787 <-> DISABLED <-> MALWARE-CNC Exploit-PDF.t variant outbound connection (malware-cnc.rules) * 1:19788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.pnc variant outbound connection (malware-cnc.rules) * 1:19789 <-> ENABLED <-> MALWARE-CNC P2P Worm Win.Trojan.SpyBot.pgh variant outbound connection (malware-cnc.rules) * 1:19790 <-> DISABLED <-> MALWARE-CNC P2P Worm Win.Trojan.SpyBot.pgh variant outbound connection (malware-cnc.rules) * 1:19791 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Small.awa variant outbound connection (malware-cnc.rules) * 1:19792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Caxnet.A variant outbound connection (malware-cnc.rules) * 1:19793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.SillyFDC-DS variant outbound connection (malware-cnc.rules) * 1:19794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fnumbot variant outbound connection (malware-cnc.rules) * 1:19795 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV NoAdware variant outbound connection (malware-cnc.rules) * 1:19796 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DL.CashnJoy.A variant outbound connection (malware-cnc.rules) * 1:19797 <-> DISABLED <-> MALWARE-CNC Safety Center variant outbound connection (malware-cnc.rules) * 1:19798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent2.kxu variant outbound connection (malware-cnc.rules) * 1:19799 <-> DISABLED <-> MALWARE-CNC PWS.Win32.Zbot.gen.Q variant outbound connection (malware-cnc.rules) * 1:19800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pher.ij variant 
outbound connection (malware-cnc.rules) * 1:19801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules) * 1:19802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wixud.B variant outbound connection (malware-cnc.rules) * 1:19803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos.FH variant outbound connection (malware-cnc.rules) * 1:19804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.ktq variant outbound connection (malware-cnc.rules) * 1:19805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smser.cx variant outbound connection (malware-cnc.rules) * 1:19819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ertfor.A variant outbound connection (malware-cnc.rules) * 1:19820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ertfor.A variant outbound connection (malware-cnc.rules) * 1:19821 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Bagle.gen.C variant outbound connection (malware-cnc.rules) * 1:19822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.HH variant outbound connection (malware-cnc.rules) * 1:19823 <-> DISABLED <-> PUA-ADWARE Downloader.Banload.AKBB outbound connection (pua-adware.rules) * 1:19824 <-> DISABLED <-> MALWARE-CNC Gen-Trojan.Heur variant outbound connection (malware-cnc.rules) * 1:19825 <-> DISABLED <-> SERVER-APACHE Apache Killer denial of service tool exploit attempt (server-apache.rules) * 1:19827 <-> DISABLED <-> PUA-ADWARE PWS-QQGame outbound connection (pua-adware.rules) * 1:19828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyAgent.B variant outbound connection (malware-cnc.rules) * 1:19829 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbot.gen variant outbound connection (malware-cnc.rules) * 1:19830 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poebot.BP variant outbound connection (malware-cnc.rules) * 1:19831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.SO variant outbound connection (malware-cnc.rules) * 1:19832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veslorn.gen.A variant outbound connection (malware-cnc.rules) * 1:19833 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Banload.bda variant outbound connection (malware-cnc.rules) * 1:19834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZBot.RD variant outbound connection (malware-cnc.rules) * 1:19835 <-> DISABLED <-> PUA-ADWARE Delphi-Piette Windows (pua-adware.rules) * 1:19836 <-> DISABLED <-> MALWARE-CNC Spy-Net 0.7 runtime (malware-cnc.rules) * 1:19837 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules) * 1:19838 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules) * 1:19839 <-> DISABLED <-> PUA-ADWARE Antivirus XP 2008 runtime detection (pua-adware.rules) * 1:19840 <-> DISABLED <-> PUA-ADWARE XP Antispyware 2009 outbound connection (pua-adware.rules) * 1:19841 <-> DISABLED <-> PUA-ADWARE 0desa MSN password stealer (pua-adware.rules) * 1:19842 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules) * 1:19843 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules) * 1:19848 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules) * 1:19849 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules) * 1:19850 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.qgg variant outbound connection (malware-cnc.rules) * 1:19851 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.qgg variant outbound connection (malware-cnc.rules) * 1:19852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Delf.tbv variant outbound connection (malware-cnc.rules) * 1:19853 <-> DISABLED <-> PUA-ADWARE Wowpa KI outbound connection (pua-adware.rules) * 1:19856 <-> DISABLED <-> MALWARE-CNC Packed.Win32.Krap.i variant outbound connection (malware-cnc.rules) * 1:19857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.hhbd variant outbound connection - Windows (malware-cnc.rules) * 1:19858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.hhbd variant outbound connection - non-Windows (malware-cnc.rules) * 1:19859 <-> DISABLED <-> PUA-ADWARE XP Deluxe Protector outbound 
connection (pua-adware.rules) * 1:19860 <-> DISABLED <-> PUA-ADWARE Trust Warrior outbound connection (pua-adware.rules) * 1:19861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cqcv variant outbound connection (malware-cnc.rules) * 1:19862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar.iej variant outbound connection (malware-cnc.rules) * 1:19863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.yi variant outbound connection (malware-cnc.rules) * 1:19864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules) * 1:19865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arhost.D variant outbound connection (malware-cnc.rules) * 1:19895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.jwh variant outbound connection (malware-cnc.rules) * 1:19896 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Install Detection (pua-adware.rules) * 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (pua-toolbars.rules) * 1:19898 <-> DISABLED <-> MALWARE-CNC Cinmus Variant variant outbound connection (malware-cnc.rules) * 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules) * 1:19900 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules) * 1:19901 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules) * 1:19902 <-> DISABLED <-> PUA-ADWARE Targetedbanner.biz Adrotator outbound connection (pua-adware.rules) * 1:19903 <-> DISABLED <-> PUA-ADWARE Win32.Agent.vvm outbound connection (pua-adware.rules) * 1:19904 <-> DISABLED <-> PUA-ADWARE WinReanimator outbound connection (pua-adware.rules) * 1:19905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.jog variant outbound connection (malware-cnc.rules) * 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (pua-toolbars.rules) * 1:19912 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant 
outbound connection (malware-cnc.rules) * 1:19913 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules) * 1:19914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quivoe.A variant outbound connection (malware-cnc.rules) * 1:19915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler.apd variant outbound connection (malware-cnc.rules) * 1:19916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.ACB variant outbound connection (malware-cnc.rules) * 1:19917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sogu.A variant outbound connection (malware-cnc.rules) * 1:19918 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ganelp.B variant outbound connection (malware-cnc.rules) * 1:19919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murcy.A variant outbound connection (malware-cnc.rules) * 1:19920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reppserv.A outbond connection (malware-cnc.rules) * 1:19921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puprlehzae.A variant outbound connection (malware-cnc.rules) * 1:19922 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz.ivr variant outbound connection (malware-cnc.rules) * 1:19923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Venik.B variant outbound connection (malware-cnc.rules) * 1:19924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spidern.A variant outbound connection (malware-cnc.rules) * 1:19927 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19928 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19929 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19930 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules) * 1:19931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lineage.Gen.Pac.3 variant outbound connection (malware-cnc.rules) * 1:19934 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MYURL (malware-cnc.rules) * 1:19935 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Dropper Win.Trojan.Delf.aba variant outbound connection (malware-cnc.rules) * 1:19936 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Delf.aba variant outbound connection (malware-cnc.rules) * 1:19939 <-> DISABLED <-> PUA-ADWARE WeatherStudio outbound connection (pua-adware.rules) * 1:19940 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.IRC.TKB variant outbound connection - dir4you (malware-cnc.rules) * 1:19941 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Gen variant outbound connection (malware-cnc.rules) * 1:19942 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Gen variant outbound connection (malware-cnc.rules) * 1:19944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.ykl variant outbound connection (malware-cnc.rules) * 1:19945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.amwd variant outbound connection (malware-cnc.rules) * 1:19946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.amwd variant outbound connection (malware-cnc.rules) * 1:19947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.amwd variant outbound connection (malware-cnc.rules) * 1:19948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.asjk variant outbound connection (malware-cnc.rules) * 1:19949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.asjk variant outbound connection (malware-cnc.rules) * 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (malware-cnc.rules) * 1:19951 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Defsel variant outbound connection (malware-cnc.rules) * 1:19952 <-> ENABLED <-> MALWARE-CNC Biodox inbound connection (malware-cnc.rules) * 1:19953 <-> DISABLED <-> MALWARE-CNC Biodox variant outbound connection (malware-cnc.rules) * 1:19954 <-> DISABLED <-> MALWARE-CNC Hack Style RAT variant outbound connection (malware-cnc.rules) * 1:19955 <-> DISABLED <-> MALWARE-CNC PaiN RAT 0.1 variant outbound connection (malware-cnc.rules) * 1:19957 <-> DISABLED <-> MALWARE-CNC Arabian-Attacker 
1.1.0 variant outbound connection (malware-cnc.rules) * 1:19958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (malware-cnc.rules) * 1:19959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (malware-cnc.rules) * 1:19960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (malware-cnc.rules) * 1:19961 <-> DISABLED <-> MALWARE-CNC Fouad 1.0 variant outbound connection (malware-cnc.rules) * 1:19962 <-> DISABLED <-> MALWARE-CNC Email-Worm.CryptBox-A variant outbound connection (malware-cnc.rules) * 1:19963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.aajs variant outbound connection (malware-cnc.rules) * 1:19965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.avzz variant outbound connection (malware-cnc.rules) * 1:19966 <-> DISABLED <-> MALWARE-CNC Octopus 0.1 inbound connection (malware-cnc.rules) * 1:19967 <-> DISABLED <-> MALWARE-CNC Trojan-PSW.Win32.Papras.dm variant outbound connection (malware-cnc.rules) * 1:19968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PSW.QQPass.amx variant outbound connection (malware-cnc.rules) * 1:19969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.CY variant outbound connection (malware-cnc.rules) * 1:19970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smalltroj.MHYR variant outbound connection (malware-cnc.rules) * 1:19971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop.lj variant outbound connection (malware-cnc.rules) * 1:19973 <-> DISABLED <-> MALWARE-CNC Worm.Win.Trojan.Nebuler.D variant outbound connection (malware-cnc.rules) * 1:19974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.bwj variant outbound connection (malware-cnc.rules) * 1:19975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.vb variant outbound connection (malware-cnc.rules) * 1:19977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LooksLike.Zaplot variant outbound connection (malware-cnc.rules) * 1:19979 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected 
(malware-cnc.rules) * 1:19980 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules) * 1:19981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micstus.A runtime traffic detected (malware-cnc.rules) * 1:19982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.wwe variant outbound connection (malware-cnc.rules) * 1:19983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolabc.fic variant outbound connection (malware-cnc.rules) * 1:19984 <-> DISABLED <-> PUA-ADWARE Antivirus 2010 outbound connection (pua-adware.rules) * 1:19987 <-> DISABLED <-> PUA-ADWARE PCLiveGuard outbound connection (pua-adware.rules) * 1:19988 <-> DISABLED <-> MALWARE-CNC Asprox variant outbound connection (malware-cnc.rules) * 1:19989 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:19990 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:19991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PG runtime traffic detected (malware-cnc.rules) * 1:19992 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Farfli.A runtime traffic detected (malware-cnc.rules) * 1:19993 <-> DISABLED <-> MALWARE-CNC Win32 Poebot runtime traffic detected (malware-cnc.rules) * 1:19994 <-> DISABLED <-> PUA-ADWARE Antivirus 360 outbound connection (pua-adware.rules) * 1:19995 <-> ENABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules) * 1:19996 <-> DISABLED <-> MALWARE-CNC Worm Brontok.C variant outbound connection (malware-cnc.rules) * 1:19997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PSW.Win32.QQPass.gam variant outbound connection (malware-cnc.rules) * 1:19998 <-> ENABLED <-> PUA-ADWARE IP address disclosure to advertisement sites attempt (pua-adware.rules) * 1:19999 <-> DISABLED <-> PUA-ADWARE ThreatNuker outbound connection (pua-adware.rules) * 1:20001 <-> ENABLED <-> MALWARE-CNC Allaple.e variant outbound connection (malware-cnc.rules) * 1:20002 <-> DISABLED <-> MALWARE-CNC Allaple.e variant outbound connection 
(malware-cnc.rules) * 1:20003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy Pilonoc runtime traffic detected (malware-cnc.rules) * 1:20004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy Pilonoc install-time traffic detected (malware-cnc.rules) * 1:20005 <-> DISABLED <-> MALWARE-CNC Win32 Lecna.cr runtime traffic detected (malware-cnc.rules) * 1:20006 <-> DISABLED <-> MALWARE-CNC Worm Plurp.A runtime traffic detected (malware-cnc.rules) * 1:20007 <-> DISABLED <-> PUA-ADWARE Cinmus.asaq outbound connection (pua-adware.rules) * 1:20008 <-> DISABLED <-> MALWARE-CNC Malware PDFMarca.A runtime traffic detected (malware-cnc.rules) * 1:20009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules) * 1:20010 <-> DISABLED <-> MALWARE-CNC Win32/Babmote.A runtime TCP traffic detected (malware-cnc.rules) * 1:20011 <-> ENABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules) * 1:20012 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules) * 1:20014 <-> DISABLED <-> MALWARE-CNC Kaju variant outbound connection - confirmation (malware-cnc.rules) * 1:20015 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:20016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:20017 <-> DISABLED <-> MALWARE-CNC Win.Worm.Koobface.dq variant outbound connection (malware-cnc.rules) * 1:20018 <-> DISABLED <-> MALWARE-CNC Win.Worm.Autorun variant outbound connection (malware-cnc.rules) * 1:20019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test (malware-cnc.rules) * 1:20021 <-> ENABLED <-> MALWARE-CNC Win.Worm.Brontok user-agent outbound connection (malware-cnc.rules) * 1:20022 <-> DISABLED <-> MALWARE-CNC Win.Worm.Padobot.z variant outbound connection (malware-cnc.rules) * 1:20023 <-> DISABLED <-> MALWARE-CNC Advanced Virus Remover 
variant outbound connection (malware-cnc.rules) * 1:20024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dreamy.bc variant outbound connection (malware-cnc.rules) * 1:20025 <-> DISABLED <-> PUA-ADWARE VirusBye outbound connection (pua-adware.rules) * 1:20026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banker.abg.b variant outbound connection (malware-cnc.rules) * 1:20028 <-> DISABLED <-> MALWARE-CNC Windows Antivirus Pro variant outbound connection (malware-cnc.rules) * 1:20034 <-> DISABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (file-other.rules) * 1:20035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Coinbit.A runtime traffic detected (malware-cnc.rules) * 1:20036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Agent.ndau runtime traffic detected (malware-cnc.rules) * 1:20037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules) * 1:20038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules) * 1:20039 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Hardcore Software (malware-cnc.rules) * 1:20040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KSpyPro.A variant outbound connection (malware-cnc.rules) * 1:20041 <-> DISABLED <-> PUA-ADWARE Adware.BB outbound connection (pua-adware.rules) * 1:20042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal outbond connection (malware-cnc.rules) * 1:20043 <-> DISABLED <-> MALWARE-CNC Adware Kraddare.AZ variant outbound connection (malware-cnc.rules) * 1:20057 <-> DISABLED <-> MALWARE-CNC BitCoin Miner IP query (malware-cnc.rules) * 1:20063 <-> DISABLED <-> PUA-ADWARE SecurityTool outbound connection (pua-adware.rules) * 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules) * 1:20066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 SensLiceld.A runtime traffic detected (malware-cnc.rules) * 1:20067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 
Zatvex.A runtime traffic detected (malware-cnc.rules) * 1:20068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jetilms.A runtime activity detected (malware-cnc.rules) * 1:20069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.alhq runtime traffic detected (malware-cnc.rules) * 1:20074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.iseee variant outbound connection (malware-cnc.rules) * 1:20075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill.abl variant outbound connection (malware-cnc.rules) * 1:20076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.ast variant outbound connection (malware-cnc.rules) * 1:20077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.ast variant outbound connection (malware-cnc.rules) * 1:20078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Russkill.C variant outbound connection (malware-cnc.rules) * 1:20079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Russkill.C variant outbound connection (malware-cnc.rules) * 1:20080 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules) * 1:20081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules) * 1:20082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inject.raw variant outbound connection (malware-cnc.rules) * 1:20083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucobha.A variant outbound connection (malware-cnc.rules) * 1:20085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veebuu.BX variant outbound connection (malware-cnc.rules) * 1:20086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.ABY variant outbound connection (malware-cnc.rules) * 1:20087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.FGU variant outbound connection (malware-cnc.rules) * 1:20088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emudbot.A variant outbound connection (malware-cnc.rules) * 1:20096 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.dcir variant outbound connection (malware-cnc.rules) * 1:20097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcir infected host at 
destination ip (malware-cnc.rules) * 1:20098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KeyLogger.wav variant outbound connection (malware-cnc.rules) * 1:20099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules) * 1:20104 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules) * 1:20105 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules) * 1:20106 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules) * 1:20107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Small.Cns variant outbound connection (malware-cnc.rules) * 1:20108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Pher variant outbound connection (malware-cnc.rules) * 1:20109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zombie.sm variant outbound connection (malware-cnc.rules) * 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:20128 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (file-office.rules) * 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (server-webapp.rules) * 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules) * 1:20202 <-> ENABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules) * 1:20204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules) * 1:20205 <-> DISABLED <-> MALWARE-CNC Win32/Poison beaconing request (malware-cnc.rules) * 1:20213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:20217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramagedos.A variant outbound connection (malware-cnc.rules) * 1:20218 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Ramagedos.A variant outbound connection (malware-cnc.rules) * 1:20219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ToriaSpy.A variant outbound connection (malware-cnc.rules) * 1:20220 <-> DISABLED <-> PUA-ADWARE Adware.Wizpop outbound connection (pua-adware.rules) * 1:20221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:20222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Payazol.B variant outbound connection (malware-cnc.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20224 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (file-multimedia.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20226 <-> DISABLED <-> FILE-OTHER MPlayer SMI file buffer overflow attempt (file-other.rules) * 1:20228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules) * 1:20229 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules) * 1:20230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules) * 1:20231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules) * 1:20232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules) * 1:20233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules) * 1:20234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ceckno.cmz runtime traffic detected (malware-cnc.rules) * 1:20235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AdobeReader.Uz runtime traffic detected (malware-cnc.rules) * 1:20252 <-> DISABLED <-> MALWARE-CNC DroidKungFu check-in (malware-cnc.rules) * 1:20280 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20281 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection 
(malware-cnc.rules) * 1:20289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doschald.A variant outbound connection (malware-cnc.rules) * 1:20290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doschald.A inbound connection (malware-cnc.rules) * 1:20291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mybios.A variant outbound connection (malware-cnc.rules) * 1:20292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FresctSpy.A variant outbound connection (malware-cnc.rules) * 1:20293 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules) * 1:20387 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:20388 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:20428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zewit.A variant outbound connection (malware-cnc.rules) * 1:20429 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules) * 1:20431 <-> DISABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:20433 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 anutayadokalug host outbound connection (pua-adware.rules) * 1:20434 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 proantivirus21 host runtime traffic detection (pua-adware.rules) * 1:20435 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Svr runtime traffic detected (malware-cnc.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:20447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.JAAK variant outbound connection (malware-cnc.rules) * 1:20448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meciv.A variant outbound connection (malware-cnc.rules) * 1:20449 <-> DISABLED <-> MALWARE-CNC Win.Worm.Busifom.A variant outbound connection (malware-cnc.rules) * 1:20525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duqu variant outbound connection 
(malware-cnc.rules)
* 1:20527 <-> ENABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules)
* 1:20528 <-> DISABLED <-> SERVER-APACHE Apache mod_proxy reverse proxy information disclosure attempt (server-apache.rules)
* 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (exploit-kit.rules)
* 1:20559 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI file buffer overflow attempt (file-multimedia.rules)
* 1:20561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWSBanker.SHE variant outbound connection (malware-cnc.rules)
* 1:20562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWSBanker.SHE variant outbound connection (malware-cnc.rules)
* 1:20565 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules)
* 1:20566 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules)
* 1:20569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (malware-cnc.rules)
* 1:20570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (malware-cnc.rules)
* 1:20571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (malware-cnc.rules)
* 1:20587 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larchik.A variant outbound connection (malware-cnc.rules)
* 1:20595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ixeshe.F variant outbound connection (malware-cnc.rules)
* 1:20596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules)
* 1:20597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules)
* 1:20598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules)
* 1:20599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules)
* 1:20604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus.isqy variant outbound connection (malware-cnc.rules)
* 1:20605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.R2d2.A contact to cnc server (malware-cnc.rules)
* 1:20606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Domsingx.A variant outbound connection (malware-cnc.rules)
* 1:20619 <-> DISABLED <-> SERVER-WEBAPP CoreHTTP Long buffer overflow attempt (server-webapp.rules)
* 1:20620 <-> DISABLED <-> SERVER-WEBAPP CoreHTTP Long buffer overflow attempt (server-webapp.rules)
* 1:20622 <-> DISABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules)
* 1:20626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A variant outbound connection (malware-cnc.rules)
* 1:20627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A C&C server response (malware-cnc.rules)
* 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules)
* 1:20630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winnti.A contact to cnc server (malware-cnc.rules)
* 1:20632 <-> DISABLED <-> SERVER-WEBAPP AnnoncesV annonce.php remote file include attempt (server-webapp.rules)
* 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules)
* 1:20636 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
* 1:20637 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
* 1:20639 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Higest.N variant outbound connection (malware-cnc.rules)
* 1:20659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
* 1:20661 <-> DISABLED <-> MALWARE-CNC Simbda variant outbound connection (malware-cnc.rules)
* 1:20668 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - /content/v1.jar (exploit-kit.rules)
* 1:20669 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - w.php?f= (exploit-kit.rules)
* 1:20676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.EggDrop.acn variant outbound connection (malware-cnc.rules)
* 1:20677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.EggDrop.acn variant outbound connection (malware-cnc.rules)
* 1:20678 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Genome.aior variant outbound connection (malware-cnc.rules)
* 1:20679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syrutrk variant outbound connection (malware-cnc.rules)
* 1:20680 <-> DISABLED <-> SERVER-WEBAPP Flashchat aedating4CMS.php remote file include attempt (server-webapp.rules)
* 1:20681 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.NMS variant outbound connection (malware-cnc.rules)
* 1:20682 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.NMS variant outbound connection (malware-cnc.rules)
* 1:20683 <-> DISABLED <-> MALWARE-CNC Cleanvaccine variant outbound connection (malware-cnc.rules)
* 1:20684 <-> DISABLED <-> MALWARE-CNC Cleanvaccine variant outbound connection (malware-cnc.rules)
* 1:20685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heloag.A variant outbound connection (malware-cnc.rules)
* 1:20686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut.BM connect to client (malware-cnc.rules)
* 1:20687 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Genome.akhg variant outbound connection (malware-cnc.rules)
* 1:20688 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.Jeib variant outbound connection (malware-cnc.rules)
* 1:20689 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.Jeib variant outbound connection (malware-cnc.rules)
* 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
* 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
* 1:20693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackcontrol.A variant outbound connection (malware-cnc.rules)
* 1:20694 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SSonce.A variant outbound connection (malware-cnc.rules)
* 1:20695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.GZW connect to cnc server (malware-cnc.rules)
* 1:20696 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom.CK connect to cnc server (malware-cnc.rules)
* 1:20697 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom.CK connect to cnc server (malware-cnc.rules)
* 1:20722 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:20728 <-> DISABLED <-> SERVER-WEBAPP WoW Roster remote file include with hslist.php and conf.php attempt (server-webapp.rules)
* 1:20731 <-> DISABLED <-> SERVER-WEBAPP TSEP tsep_config absPath parameter PHP remote file include attempt (server-webapp.rules)
* 1:20752 <-> DISABLED <-> PUA-ADWARE Win32.GameVance outbound connection (pua-adware.rules)
* 1:20753 <-> DISABLED <-> PUA-ADWARE Win32.GamePlayLabs outbound connection (pua-adware.rules)
* 1:20754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules)
* 1:20755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules)
* 1:20756 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:20759 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules)
* 1:20762 <-> ENABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules)
* 1:20830 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.amdu variant outbound connection (malware-cnc.rules)
* 1:20831 <-> ENABLED <-> FILE-JAVA Oracle Java Applet Rhino script engine remote code execution attempt (file-java.rules)
* 1:20836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy.A runtime traffic detected (malware-cnc.rules)
* 1:20837 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules)
* 1:20838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smokebot.A runtime traffic detected (malware-cnc.rules)
* 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:20844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.smxy runtime traffic detected (malware-cnc.rules)
* 1:20845 <-> DISABLED <-> SERVER-WEBAPP HP Network Node Manager cross site scripting attempt (server-webapp.rules)
* 1:20877 <-> DISABLED <-> MALWARE-CNC RunTime Worm.Win32.Warezov.gs variant outbound connection (malware-cnc.rules)
* 1:20890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules)
* 1:20891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules)
* 1:20892 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Skopvel.A runtime traffic detected (malware-cnc.rules)
* 1:20927 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules)
* 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (policy-other.rules)
* 1:21051 <-> DISABLED <-> SERVER-WEBAPP Apple OSX software update command execution attempt (server-webapp.rules)
* 1:21055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utka.A variant outbound connection (malware-cnc.rules)
* 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
* 1:21058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AutoIt.pm runtime traffic detected (malware-cnc.rules)
* 1:21065 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Edituser cross site scripting attempt (server-webapp.rules)
* 1:21066 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Systemdashboard cross site scripting attempt (server-webapp.rules)
* 1:21067 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager TOC_simple cross site scripting attempt (server-webapp.rules)
* 1:21082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules)
* 1:21083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (file-office.rules)
* 1:21087 <-> DISABLED <-> MALWARE-CNC Bindow.Worm runtime traffic detected (malware-cnc.rules)
* 1:21093 <-> DISABLED <-> FILE-MULTIMEDIA A-PDF Wav to mp3 converter buffer overfow (file-multimedia.rules)
* 1:21100 <-> DISABLED <-> PROTOCOL-RPC Novell Netware xdr decode string length buffer overflow attempt (protocol-rpc.rules)
* 1:21107 <-> DISABLED <-> FILE-MULTIMEDIA MJM Quickplayer s3m buffer overflow (file-multimedia.rules)
* 1:21112 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
* 1:21116 <-> DISABLED <-> FILE-OTHER Cisco Webex selector and size2 subrecords corruption attempt (file-other.rules)
* 1:21122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandok.zp runtime traffic detected (malware-cnc.rules)
* 1:21123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flymux.A runtime traffic detected (malware-cnc.rules)
* 1:21124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki.A runtime traffic detected (malware-cnc.rules)
* 1:21125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alureon.DG runtime traffic detected (malware-cnc.rules)
* 1:21126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koutodoor.C runtime traffic detected (malware-cnc.rules)
* 1:21127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Setfic.A runtime traffic detected (malware-cnc.rules)
* 1:21128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dromedan.A runtime traffic detected (malware-cnc.rules)
* 1:21142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules)
* 1:21143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules)
* 1:21144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules)
* 1:21145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neraweq.A runtime traffic detected (malware-cnc.rules)
* 1:21151 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stegae.A runtime traffic detected (malware-cnc.rules)
* 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:21169 <-> DISABLED <-> PUA-ADWARE Apperhand SDK advertising data request - Counterclank (pua-adware.rules)
* 1:21170 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules)
* 1:21175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
* 1:21176 <-> DISABLED <-> PUA-ADWARE Win32.WindowsOptimizationAndSecurity outbound connection (pua-adware.rules)
* 1:21177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ganipin.A inbound connection (malware-cnc.rules)
* 1:21178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Chekafe.A variant outbound connection (malware-cnc.rules)
* 1:21179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coofus.RFM variant outbound connection (malware-cnc.rules)
* 1:21180 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Magania.clfv variant outbound connection (malware-cnc.rules)
* 1:21181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.czgu variant outbound connection (malware-cnc.rules)
* 1:21182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MeSub.ac variant outbound connection (malware-cnc.rules)
* 1:21183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.alfu variant outbound connection (malware-cnc.rules)
* 1:21184 <-> DISABLED <-> PUA-ADWARE Internet Security 2010 outbound connection (pua-adware.rules)
* 1:21185 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Kufgal.A inbound connection (malware-cnc.rules)
* 1:21187 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xlahlah.A variant outbound connection (malware-cnc.rules)
* 1:21192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syswrt.dvd variant outbound connection (malware-cnc.rules)
* 1:21193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalbot.A variant outbound connection (malware-cnc.rules)
* 1:21194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst.A variant outbound connection (malware-cnc.rules)
* 1:21195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Protux.B variant outbound connection (malware-cnc.rules)
* 1:21196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw.A variant outbound connection (malware-cnc.rules)
* 1:21197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw.A variant outbound connection (malware-cnc.rules)
* 1:21198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qinubot.A variant outbound connection (malware-cnc.rules)
* 1:21199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qinubot.A variant outbound connection (malware-cnc.rules)
* 1:21202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scapzilla.A variant outbound connection (malware-cnc.rules)
* 1:21203 <-> DISABLED <-> MALWARE-CNC Virus Win.Trojan.Induc.B variant outbound connection (malware-cnc.rules)
* 1:21204 <-> DISABLED <-> MALWARE-CNC Virus Win.Trojan.Induc.B variant outbound connection (malware-cnc.rules)
* 1:21205 <-> DISABLED <-> MALWARE-CNC Virus Win.Trojan.Induc.B variant outbound connection (malware-cnc.rules)
* 1:21206 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
* 1:21207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dekara.A variant outbound connection (malware-cnc.rules)
* 1:21208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules)
* 1:21209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enviserv.A variant outbound connection (malware-cnc.rules)
* 1:21210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rallovs.A variant outbound connection (malware-cnc.rules)
* 1:21211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.slrj variant outbound connection (malware-cnc.rules)
* 1:21212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.nkor variant outbound connection (malware-cnc.rules)
* 1:21213 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Cridex.B variant outbound connection (malware-cnc.rules)
* 1:21214 <-> DISABLED <-> SERVER-APACHE Apache server mod_proxy reverse proxy bypass attempt (server-apache.rules)
* 1:21215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am variant outbound connection (malware-cnc.rules)
* 1:21216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am variant outbound connection (malware-cnc.rules)
* 1:21217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am variant outbound connection (malware-cnc.rules)
* 1:21218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodager.C variant outbound connection (malware-cnc.rules)
* 1:21219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysckbc variant outbound connection (malware-cnc.rules)
* 1:21220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Susnatache.A inbound connection (malware-cnc.rules)
* 1:21221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Susnatache.A variant outbound connection (malware-cnc.rules)
* 1:21222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kcahneila.A variant outbound connection (malware-cnc.rules)
* 1:21223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gyplit.A variant outbound connection (malware-cnc.rules)
* 1:21224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MacOS.DevilRobber.A variant outbound connection (malware-cnc.rules)
* 1:21225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
* 1:21226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Louisdreyfu.A variant outbound connection (malware-cnc.rules)
* 1:21227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulknet variant outbound connection (malware-cnc.rules)
* 1:21228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerberat variant outbound connection (malware-cnc.rules)
* 1:21229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Synljdos variant outbound connection (malware-cnc.rules)
* 1:21230 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
* 1:21243 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules)
* 1:21249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules)
* 1:21250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules)
* 1:21251 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sirefef.P variant outbound connection (malware-cnc.rules)
* 1:21252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sirefef.P variant outbound connection (malware-cnc.rules)
* 1:21253 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
* 1:21254 <-> DISABLED <-> FILE-PDF Foxit Reader createDataObject file write attempt (file-pdf.rules)
* 1:21273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules)
* 1:21274 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules)
* 1:21277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shexie.A runtime traffic detected (malware-cnc.rules)
* 1:21278 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
* 1:21279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot.s runtime traffic detected (malware-cnc.rules)
* 1:21280 <-> DISABLED <-> MALWARE-CNC Win32 Turkojan.C runtime traffic detected (malware-cnc.rules)
* 1:21289 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules)
* 1:21290 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (os-windows.rules)
* 1:21294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancodor.be runtime traffic detected (malware-cnc.rules)
* 1:21303 <-> DISABLED <-> MALWARE-CNC Win32 Initor.ag runtime traffic detected (malware-cnc.rules)
* 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
* 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
* 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules)
* 1:21379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome.Amqj runtime traffic detected (malware-cnc.rules)
* 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
* 1:21381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dialer.ngb runtime traffic detected (malware-cnc.rules)
* 1:21382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host setting3.yeahost.com runtime traffic detected (malware-cnc.rules)
* 1:21383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host 9999mb.com runtime traffic detected (malware-cnc.rules)
* 1:21384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host freewebs.com runtime traffic detected (malware-cnc.rules)
* 1:21386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wadolin.A runtime traffic detected (malware-cnc.rules)
* 1:21387 <-> DISABLED <-> FILE-JAVA Oracle Java runtime RMIConnectionImpl deserialization execution attempt (file-java.rules)
* 1:21390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.dl runtime traffic detected (malware-cnc.rules)
* 1:21391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcac runtime traffic detected (malware-cnc.rules)
* 1:21393 <-> DISABLED <-> FILE-MULTIMEDIA Magix Musik Maker 16 buffer overflow attempt (file-multimedia.rules)
* 1:21397 <-> DISABLED <-> FILE-MULTIMEDIA MicroP mppl stack buffer overflow (file-multimedia.rules)
* 1:21413 <-> DISABLED <-> FILE-OTHER PeaZip command injection attempt (file-other.rules)
* 1:21418 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
* 1:21421 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (protocol-dns.rules)
* 1:21464 <-> DISABLED <-> MALWARE-CNC Downloader-CEW.b runtime traffic detected (malware-cnc.rules)
* 1:21466 <-> DISABLED <-> MALWARE-CNC Autorun.BDS runtime traffic detected (malware-cnc.rules)
* 1:21469 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
* 1:21473 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameThief variant outbound connection (malware-cnc.rules)
* 1:21477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant outbound connection (malware-cnc.rules)
* 1:21486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:21491 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Pro stack buffer overflow attempt (protocol-scada.rules)
* 1:21495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vilsel variant outbound connection (malware-cnc.rules)
* 1:21496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules)
* 1:21497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules)
* 1:21511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vaxpy variant outbound connection (malware-cnc.rules)
* 1:21520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
* 1:21521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob update connection (malware-cnc.rules)
* 1:21527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader registration connection detection (malware-cnc.rules)
* 1:21528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader keep-alive connection detection (malware-cnc.rules)
* 1:21557 <-> DISABLED <-> FILE-OTHER Apple OSX ZIP archive shell script execution attempt (file-other.rules)
* 1:21563 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
* 1:21566 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (os-windows.rules)
* 1:21595 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization request detection (os-mobile.rules)
* 1:21596 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization response detection (os-mobile.rules)
* 1:21597 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging request detection (os-mobile.rules)
* 1:21598 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging response detection (os-mobile.rules)
* 1:21609 <-> DISABLED <-> SERVER-WEBAPP SurgeMail webmail.exe page format string exploit attempt (server-webapp.rules)
* 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk missing SIP version denial of service attempt (protocol-voip.rules)
* 1:21760 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:21761 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
* 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
* 1:2179 <-> DISABLED <-> PROTOCOL-FTP PASS format string attempt (protocol-ftp.rules)
* 1:21858 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules)
* 1:21859 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (file-pdf.rules)
* 1:21913 <-> DISABLED <-> SERVER-OTHER EMC data protection advisor DOS attempt (server-other.rules)
* 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules)
* 1:21922 <-> DISABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules)
* 1:21947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VicSpy.A variant outbound connection (malware-cnc.rules)
* 1:21967 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip.A runtime detection (malware-backdoor.rules)
* 1:21970 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant outbound connection (malware-backdoor.rules)
* 1:21971 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant inbound connection (malware-backdoor.rules)
* 1:21972 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash variant outbound connection (malware-backdoor.rules)
* 1:21973 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash runtime detection (malware-backdoor.rules)
* 1:21974 <-> DISABLED <-> MALWARE-CNC Worm.Expichu variant inbound connection (malware-cnc.rules)
* 1:21975 <-> DISABLED <-> MALWARE-CNC Worm.Expichu variant inbound connection (malware-cnc.rules)
* 1:21976 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Lapurd.D variant outbound connection (malware-cnc.rules)
* 1:21982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insain variant outbound connection (malware-cnc.rules)
* 1:21995 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:21996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
* 1:22048 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
* 1:22078 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules)
* 1:22947 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules)
* 1:22948 <-> DISABLED <-> PROTOCOL-VOIP Avaya WinPDM header buffer overflow attempt (protocol-voip.rules)
* 1:22950 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt big endian (server-webapp.rules)
* 1:22951 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt little endian (server-webapp.rules)
* 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:23014 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (file-other.rules)
* 1:23046 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules)
* 1:23047 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules)
* 1:23051 <-> DISABLED <-> MALWARE-CNC Dybalom.A runtime traffic detected (malware-cnc.rules)
* 1:23055 <-> DISABLED <-> PROTOCOL-FTP Cisco IOS FTP MKD buffer overflow attempt (protocol-ftp.rules)
* 1:23056 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules)
* 1:23099 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceHex denial of service attempt (server-other.rules)
* 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (policy-other.rules)
* 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules)
* 1:23170 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules)
* 1:23176 <-> DISABLED <-> MALWARE-CNC Donbot.A runtime traffic detected (malware-cnc.rules)
* 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site scripting attempt (server-webapp.rules)
* 1:23178 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement flood attempt (protocol-icmp.rules)
* 1:23213 <-> DISABLED <-> SQL Ruby on rails SQL injection attempt (sql.rules)
* 1:23234 <-> DISABLED <-> MALWARE-CNC Frethog.MK runtime traffic detected (malware-cnc.rules)
* 1:23235 <-> DISABLED <-> MALWARE-CNC PBin.A runtime traffic detected (malware-cnc.rules)
* 1:23238 <-> DISABLED <-> NETBIOS Wireshark console.lua file load exploit attempt (netbios.rules)
* 1:23239 <-> DISABLED <-> SERVER-OTHER Wireshark console.lua file load exploit attempt (server-other.rules)
* 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
* 1:23243 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules)
* 1:23269 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
* 1:23271 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
* 1:23272 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
* 1:23340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol.B variant outbound connection (malware-cnc.rules)
* 1:23341 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Tinrot.A runtime detection (malware-backdoor.rules)
* 1:23346 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules)
* 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
* 1:23368 <-> DISABLED <-> PROTOCOL-DNS Tftpd32 DNS server denial of service attempt (protocol-dns.rules)
* 1:23397 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules)
* 1:23398 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules)
* 1:23401 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish server REST interface cross site request forgery attempt (server-webapp.rules)
* 1:23480 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino webadmin.nsf directory traversal attempt (server-webapp.rules)
* 1:23484 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt (indicator-compromise.rules)
* 1:23485 <-> DISABLED <-> SERVER-WEBAPP Wordpress Invit0r plugin php upload attempt (server-webapp.rules)
* 1:23544 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules)
* 1:23560 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules)
* 1:23577 <-> DISABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules)
* 1:23580 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules)
* 1:23581 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules)
* 1:23587 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
* 1:23588 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
* 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:23598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules)
* 1:23599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules)
* 1:23624 <-> DISABLED <-> SERVER-OTHER Ubisoft Uplay browser plugin backdoor attempt (server-other.rules)
* 1:23783 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway pbcontrol.php filename parameter command injection attempt (server-webapp.rules)
* 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
* 1:23879 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules)
* 1:23880 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules)
* 1:23934 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway blocked.php blind sql injection attempt (server-webapp.rules)
* 1:23938 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
* 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:24007 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules)
* 1:24026 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:24029 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules)
* 1:24083 <-> ENABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (file-other.rules)
* 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules)
* 1:24128 <-> DISABLED <-> OS-WINDOWS Microsoft SCCM ReportChart xss attempt (os-windows.rules)
* 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules)
* 1:2417 <-> DISABLED <-> PROTOCOL-FTP format string attempt (protocol-ftp.rules)
* 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules)
* 1:24207 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
* 1:24208 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
* 1:24209 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules)
* 1:24240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
* 1:24241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
* 1:24242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules)
* 1:24256 <-> ENABLED <-> MALWARE-BACKDOOR phpMyAdmin server_sync.php backdoor access attempt (malware-backdoor.rules)
* 1:24291 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules)
* 1:24292 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules)
* 1:24296 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement invalid prefix option attempt (protocol-icmp.rules)
* 1:24321 <-> DISABLED <-> SERVER-OTHER HP StorageWorks File Migration Agent buffer overflow attempt (server-other.rules)
* 1:24337 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules)
* 1:24446 <-> DISABLED <-> SERVER-OTHER EMC NetWorker SunRPC format string exploit attempt (server-other.rules)
* 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules)
* 1:24487 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules)
* 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:24518 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway PHP remote code injection attempt (server-webapp.rules)
* 1:24519 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway PHP remote code execution attempt (server-webapp.rules)
* 1:24520 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules)
* 1:24524 <-> DISABLED <-> SERVER-MAIL Novell GroupWise internet agent iCalendar parsing denial of service attempt (server-mail.rules)
* 1:24536 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
* 1:24537 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
* 1:24538 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (server-other.rules)
* 1:24628 <-> DISABLED <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt (server-webapp.rules)
* 1:24647 <-> DISABLED <-> SERVER-WEBAPP D-Link Wireless Router CAPTCHA data processing buffer overflow attempt (server-webapp.rules)
* 1:24652 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules)
* 1:24686 <-> DISABLED <-> SERVER-OTHER HP StorageWorks file migration agent buffer overflow attempt (server-other.rules)
* 1:24696 <-> DISABLED <-> PROTOCOL-RPC EMC Networker nsrindexd.exe procedure 0x01 buffer overflow attempt (protocol-rpc.rules)
* 1:24699 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
* 1:24700 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules)
* 1:24701 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules)
* 1:24706 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (server-webapp.rules)
* 1:24707 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (server-webapp.rules)
* 1:24765 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter SRS request heap overflow attempt (server-webapp.rules)
* 1:24766 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter SRS request arbitrary file download attempt (server-webapp.rules)
* 1:24767 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter FSFUI request directory traversal attempt (server-webapp.rules)
* 1:24801 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager Express asset.getmimetype sql injection attempt (server-webapp.rules)
* 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
* 1:24915 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules)
* 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules)
* 1:24993 <-> DISABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules)
* 1:25007 <-> DISABLED <-> MALWARE-CNC
Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules) * 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25321 <-> DISABLED <-> SERVER-ORACLE Oracle Database tablefunc_asown buffer overflow attempt (server-oracle.rules) * 1:25345 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Web interface arbitrary command execution attempt (server-webapp.rules) * 1:25346 <-> DISABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules) * 1:25347 <-> DISABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules) * 1:25348 <-> DISABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules) * 1:25353 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules) * 1:25354 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules) * 1:25355 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules) * 1:25366 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:25367 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:25369 <-> DISABLED <-> OS-WINDOWS NVIDIA graphics driver nvsr named pipe buffer overflow attempt (os-windows.rules) * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:25449 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (file-pdf.rules) * 1:25450 <-> ENABLED <-> FILE-PDF Javascript 
openDoc UNC network request attempt (file-pdf.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules) * 1:25542 <-> DISABLED <-> PROTOCOL-RPC EMC NetWorker nsrindexd service buffer overflow attempt (protocol-rpc.rules) * 1:25581 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules) * 1:25582 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules) * 1:25583 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules) * 1:25584 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules) * 1:25585 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules) * 1:25586 <-> DISABLED <-> SERVER-WEBAPP Nagios Core get_history buffer overflow attempt (server-webapp.rules) * 1:25767 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:25810 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25811 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25812 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25813 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25818 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:25819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:25855 <-> DISABLED <-> SERVER-WEBAPP Nagios XI alert cloud cross site scripting attempt (server-webapp.rules) * 1:26073 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules) * 1:26074 <-> 
DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (server-other.rules) * 1:26081 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Suspected Crimepack (malware-cnc.rules) * 1:26082 <-> DISABLED <-> FILE-PDF Nuance PDF reader launch overflow attempt (file-pdf.rules) * 1:26103 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra ping request buffer overflow attempt (server-other.rules) * 1:26105 <-> DISABLED <-> SERVER-OTHER BigAnt IM Server buffer overflow attempt (server-other.rules) * 1:26107 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules) * 1:26108 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (server-other.rules) * 1:26178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hiloti variant outbound connection (malware-cnc.rules) * 1:26185 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (file-java.rules) * 1:26186 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (file-java.rules) * 1:26195 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26196 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26197 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules) * 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (file-java.rules) * 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (file-java.rules) * 1:26209 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (file-other.rules) * 1:26210 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go 
name parameter overflow attempt (file-other.rules) * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules) * 1:26242 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules) * 1:26243 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (file-multimedia.rules) * 1:26262 <-> DISABLED <-> SERVER-OTHER MongoDB nativeHelper.apply method command injection attempt (server-other.rules) * 1:26274 <-> DISABLED <-> SERVER-WEBAPP Nagios3 statuswml.cgi remote command execution attempt (server-webapp.rules) * 1:26280 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26281 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26282 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26283 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26320 <-> DISABLED <-> SERVER-WEBAPP Redmine SCM rev parameter command injection attempt (server-webapp.rules) * 1:26333 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules) * 1:26334 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (server-other.rules) * 1:26336 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra snmp request buffer overflow attempt (server-other.rules) * 1:26389 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DUPF command arbitrary file upload attempt (server-other.rules) * 1:26390 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DUPF command arbitrary file upload attempt (server-other.rules) * 1:26416 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules) * 1:26417 <-> DISABLED <-> 
SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules) * 1:26418 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules) * 1:26425 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26426 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (protocol-voip.rules) * 1:26435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duqu variant outbound connection (malware-cnc.rules) * 1:26436 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center FaultDownloadServlet information disclosure attempt (server-webapp.rules) * 1:26471 <-> DISABLED <-> PROTOCOL-FTP VanDyke AbsoluteFTP LIST command stack buffer overflow attempt (protocol-ftp.rules) * 1:26473 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26474 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26475 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26476 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26477 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26478 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (file-other.rules) * 1:26479 <-> DISABLED <-> SERVER-OTHER ActFax LPD Server data field buffer overflow attempt (server-other.rules) * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26501 <-> DISABLED <-> SERVER-OTHER BigAnt 
Document Service DDNF request stack buffer overflow attempt (server-other.rules) * 1:26502 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26503 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26504 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26505 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center IctDownloadServlet information disclosure attempt (server-webapp.rules) * 1:26520 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26521 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (file-other.rules) * 1:26523 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center ReportImgServlet information disclosure attempt (server-webapp.rules) * 1:26547 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin preg_replace remote code execution attempt (server-webapp.rules) * 1:26626 <-> DISABLED <-> FILE-OFFICE XML parameter entity reference local file disclosure attempt (file-office.rules) * 1:26645 <-> DISABLED <-> SERVER-OTHER SSL TLS deflate compression weakness brute force attempt (server-other.rules) * 1:26648 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:26649 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:26651 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26664 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules) * 1:26669 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent 
Management Center SyslogDownloadServlet information disclosure attempt (server-webapp.rules) * 1:26672 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:26676 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules) * 1:26759 <-> DISABLED <-> SERVER-OTHER MIT Kerberos libkdb_ldap principal name handling denial of service attempt (server-other.rules) * 1:26769 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kpasswd process_chpw_request denial of service attempt (server-other.rules) * 1:26794 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center UAM acmServletDownload information disclosure attempt (server-webapp.rules) * 1:26797 <-> DISABLED <-> SERVER-WEBAPP Mutiny editdocument servlet arbitrary file access attempt (server-webapp.rules) * 1:26798 <-> DISABLED <-> SERVER-WEBAPP Mutiny editdocument servlet arbitrary file upload attempt (server-webapp.rules) * 1:26905 <-> DISABLED <-> SERVER-WEBAPP FosWiki and TWiki MAKETEXT macro memory consumption denial of service attempt (server-webapp.rules) * 1:26922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:26927 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26928 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26953 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-300/DIR-600 unauthenticated remote command execution attempt (server-webapp.rules) * 1:26990 <-> DISABLED <-> SERVER-WEBAPP 
WordPress Super Cache & W3 Total Cache remote code execution attempt (server-webapp.rules) * 1:26991 <-> DISABLED <-> SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt (server-webapp.rules) * 1:26992 <-> DISABLED <-> SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt (server-webapp.rules) * 1:27018 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:27019 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:27020 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:27028 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27029 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27030 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27036 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager modifyAccounts policy bypass attempt (server-other.rules) * 1:27075 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager ldapagnt_eval remote code execution attempt (server-other.rules) * 1:27076 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules) * 1:27077 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules) * 1:27102 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27103 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (file-multimedia.rules) * 1:27104 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt 
(server-webapp.rules) * 1:27105 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (server-webapp.rules) * 1:27122 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 buffer overflow attempt (server-other.rules) * 1:27124 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1092 buffer overflow attempt (server-other.rules) * 1:27125 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules) * 1:27170 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 buffer overflow attempt (server-other.rules) * 1:27188 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27189 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27190 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27191 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27192 <-> DISABLED <-> SERVER-WEBAPP DM Albums album.php remote file include attempt (server-webapp.rules) * 1:27210 <-> ENABLED <-> SERVER-OTHER IPMI RAKP cipher zero remote authentication bypass attempt (server-other.rules) * 1:27217 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 260 buffer overflow attempt (server-other.rules) * 1:27224 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion websocket invoke method access (server-other.rules) * 1:27225 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion JRun error page getWriter denial of service attempt (server-other.rules) * 1:27226 <-> DISABLED <-> SERVER-WEBAPP DokuWiki PHP file inclusion attempt (server-webapp.rules) * 1:27231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules) * 1:27237 <-> DISABLED <-> 
SERVER-OTHER IPMI default username - root (server-other.rules) * 1:27238 <-> DISABLED <-> SERVER-OTHER IPMI default username - admin (server-other.rules) * 1:27239 <-> DISABLED <-> SERVER-OTHER IPMI default username - USERID (server-other.rules) * 1:27240 <-> DISABLED <-> SERVER-OTHER multiple vendors IPMI RAKP username brute force attempt (server-other.rules) * 1:27264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt (server-other.rules) * 1:27532 <-> DISABLED <-> SERVER-MAIL Exim and Dovecot mail from remote command execution attempt (server-mail.rules) * 1:27539 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 234 buffer overflow attempt (server-other.rules) * 1:27552 <-> DISABLED <-> OS-MOBILE Android Exploit Extra_Field APK file download attempt (os-mobile.rules) * 1:27571 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 235 buffer overflow attempt (server-other.rules) * 1:27572 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27573 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules) * 1:27574 <-> ENABLED <-> SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (server-apache.rules) * 1:27575 <-> ENABLED <-> SERVER-APACHE Apache Struts arbitrary OGNL remote code execution attempt (server-apache.rules) * 1:27617 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 264 buffer overflow attempt (server-other.rules) * 1:27621 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27622 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27623 <-> DISABLED <-> SERVER-OTHER Joomla media.php arbitrary file upload attempt 
(server-other.rules) * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules) * 1:27667 <-> DISABLED <-> SERVER-WEBAPP Joomla media.php file.upload direct administrator access attempt (server-webapp.rules) * 1:27672 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27673 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27674 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27675 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27676 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27677 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27688 <-> DISABLED <-> SERVER-WEBAPP mxBB MX Faq module_root_path file inclusion attempt (server-webapp.rules) * 1:27691 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27692 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27750 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27751 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27753 <-> DISABLED <-> SERVER-WEBAPP Click N Print Coupons coupon_detail.asp SQL injection attempt (server-webapp.rules) * 1:27756 <-> DISABLED <-> SERVER-WEBAPP RedHat Piranha Virtual Server Package default passwd and arbitrary command execution attempt (server-webapp.rules) * 1:27769 <-> ENABLED 
<-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 207 buffer overflow attempt (server-other.rules) * 1:27770 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 210 buffer overflow attempt (server-other.rules) * 1:27771 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 236 buffer overflow attempt (server-other.rules) * 1:27772 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 243 buffer overflow attempt (server-other.rules) * 1:27773 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 265 buffer overflow attempt (server-other.rules) * 1:27861 <-> DISABLED <-> SERVER-ORACLE Oracle Enterprise Manager Database Control directory traversal attempt (server-oracle.rules) * 1:27862 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules) * 1:27863 <-> DISABLED <-> SERVER-WEBAPP Ektron CMS XSLT transform remote code execution attempt (server-webapp.rules) * 1:27921 <-> DISABLED <-> SERVER-ORACLE Oracle Endeca Server createDataStore remote command injection attempt (server-oracle.rules) * 1:27937 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateCertificatesServlet directory traversal attempt (server-other.rules) * 1:27941 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateDomainControllerServlet directory traversal attempt (server-other.rules) * 1:27942 <-> ENABLED <-> SERVER-WEBAPP Sophos Web Protection Appliance sblistpack arbitrary command execution attempt (server-webapp.rules) * 1:28047 <-> DISABLED <-> SERVER-WEBAPP RaidSonic Multiple Products arbitrary command injection attempt (server-webapp.rules) * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules) * 1:28093 <-> DISABLED <-> SERVER-WEBAPP Western Digital Arkeia Appliance directory traversal attempt (server-webapp.rules) * 1:28124 <-> DISABLED <-> FILE-OTHER 
PCRE character class heap buffer overflow attempt (file-other.rules) * 1:28137 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:28145 <-> DISABLED <-> SERVER-WEBAPP OpenEMR information disclosure attempt (server-webapp.rules) * 1:28149 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file deletion (server-other.rules) * 1:28150 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file upload (server-other.rules) * 1:28165 <-> DISABLED <-> PROTOCOL-VOIP attempted DOS detected (protocol-voip.rules) * 1:28227 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules) * 1:28251 <-> DISABLED <-> SERVER-WEBAPP Zabbix httpmon.php SQL injection attempt (server-webapp.rules) * 1:28252 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:28263 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:28276 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:28277 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:28278 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules) * 1:28289 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R root remote code execution attempt (server-webapp.rules) * 1:28290 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R iwpriv remote code execution attempt (server-webapp.rules) * 1:28361 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:28388 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 
1:28389 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules)
* 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
* 1:28394 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
* 1:28395 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
* 1:28396 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
* 1:28397 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
* 1:28398 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules)
* 1:28407 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center BIMS UploadServlet arbitrary file upload attempt (server-webapp.rules)
* 1:28427 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules)
* 1:28448 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center BIMS bimsDownload directory traversal attempt (server-webapp.rules)
* 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:28464 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
* 1:28465 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
* 1:28466 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
* 1:28467 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
* 1:28468 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
* 1:28469 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
* 1:28470 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
* 1:28471 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
* 1:28472 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
* 1:28473 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
* 1:28525 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
* 1:28526 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules)
* 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
* 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
* 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
* 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
* 1:28575 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules)
* 1:28576 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (file-other.rules)
* 1:28597 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules)
* 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (file-pdf.rules)
* 1:28621 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:28622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
* 1:28623 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:28624 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:28625 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules)
* 1:28633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules)
* 1:28642 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules)
* 1:28643 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules)
* 1:28659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules)
* 1:28709 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules)
* 1:28746 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SXPG_CALL_SYSTEM remote code execution attempt (server-webapp.rules)
* 1:28747 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules)
* 1:28748 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules)
* 1:28790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D stream memory corruption attempt (file-pdf.rules)
* 1:28794 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules)
* 1:28818 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules)
* 1:28819 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (file-other.rules)
* 1:28831 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules)
* 1:28833 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules)
* 1:28834 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
* 1:28835 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
* 1:28836 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules)
* 1:28837 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (file-other.rules)
* 1:28839 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules)
* 1:28840 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
* 1:28841 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
* 1:28842 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (file-other.rules)
* 1:28843 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:28844 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:28845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:28846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:28867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
* 1:28868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
* 1:28869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
* 1:28870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
* 1:28871 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
* 1:28872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (os-windows.rules)
* 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28908 <-> DISABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (server-other.rules)
* 1:28909 <-> DISABLED <-> SERVER-WEBAPP OTManager ADM_Pagina.php remote file include attempt (server-webapp.rules)
* 1:28910 <-> DISABLED <-> SERVER-WEBAPP mcRefer install.php arbitrary PHP code injection attempt (server-webapp.rules)
* 1:28912 <-> DISABLED <-> SERVER-WEBAPP Joomla simple RSS reader admin.rssreader.php remote file include attempt (server-webapp.rules)
* 1:28915 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules)
* 1:28916 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules)
* 1:28917 <-> DISABLED <-> PROTOCOL-SCADA Microsys Promotic directory traversal attempt (protocol-scada.rules)
* 1:28936 <-> DISABLED <-> SERVER-WEBAPP Horde groupware webmail edition ingo filter cross-site request forgery attempt (server-webapp.rules)
* 1:28937 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope issuesiebelcmd soap request code execution attempt (server-webapp.rules)
* 1:28942 <-> DISABLED <-> SERVER-WEBAPP BoonEx Dolphin 6.1.2 remote file include attempt (server-webapp.rules)
* 1:28943 <-> DISABLED <-> SERVER-WEBAPP BoonEx Dolphin 6.1.2 remote file include attempt (server-webapp.rules)
* 1:28944 <-> DISABLED <-> SERVER-WEBAPP BoonEx Dolphin 6.1.2 remote file include attempt (server-webapp.rules)
* 1:28946 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint server callback function cross-site scripting attempt (server-webapp.rules)
* 1:28956 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks configuration management umaninv information disclosure attempt (server-webapp.rules)
* 1:28957 <-> DISABLED <-> SERVER-WEBAPP RSS-aggregator display.php remote file include attempt (server-webapp.rules)
* 1:28961 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules)
* 1:28962 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules)
* 1:28993 <-> DISABLED <-> PROTOCOL-VOIP Sipvicious User-Agent detected (protocol-voip.rules)
* 1:28998 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules)
* 1:28999 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (os-linux.rules)
* 1:29005 <-> DISABLED <-> SERVER-WEBAPP IBM Platform Symphony SOAP request processing buffer overflow attempt (server-webapp.rules)
* 1:29014 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules)
* 1:29017 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules)
* 1:29018 <-> DISABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin getReport SQL injection attempt (server-webapp.rules)
* 1:29019 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules)
* 1:29028 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules)
* 1:29029 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (server-mssql.rules)
* 1:29040 <-> DISABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules)
* 1:29041 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules)
* 1:29042 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules)
* 1:29061 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
* 1:29062 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules)
* 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (file-pdf.rules)
* 1:29110 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway save.do cross site request forgery attempt (server-webapp.rules)
* 1:29118 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger Server process memory information disclosure attempt (server-webapp.rules)
* 1:29141 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules)
* 1:29142 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules)
* 1:29182 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules)
* 1:29183 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules)
* 1:29184 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules)
* 1:29185 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (file-other.rules)
* 1:29192 <-> DISABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules)
* 1:29193 <-> DISABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules)
* 1:29207 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
* 1:29208 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
* 1:29209 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
* 1:29210 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
* 1:29211 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
* 1:29212 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (file-other.rules)
* 1:29267 <-> DISABLED <-> SERVER-WEBAPP Nagios3 statuswml.cgi remote command execution attempt (server-webapp.rules)
* 1:29277 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
* 1:29278 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
* 1:29279 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
* 1:29280 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules)
* 1:29296 <-> ENABLED <-> SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt (server-webapp.rules)
* 1:29297 <-> ENABLED <-> SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt (server-webapp.rules)
* 1:29362 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
* 1:29387 <-> ENABLED <-> SERVER-WEBAPP Synology DiskStation Manager SLICEUPLOAD remote command execution attempt (server-webapp.rules)
* 1:29390 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules)
* 1:29391 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules)
* 1:29392 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules)
* 1:29400 <-> DISABLED <-> SERVER-WEBAPP vTiger CRM AddEmailAttachment directory traversal attempt (server-webapp.rules)
* 1:29409 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:29410 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:29418 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules)
* 1:29419 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (os-mobile.rules)
* 1:29465 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules)
* 1:29466 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules)
* 1:29467 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules)
* 1:29468 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules)
* 1:29485 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules)
* 1:29486 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules)
* 1:29487 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules)
* 1:29488 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules)
* 1:29490 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules)
* 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (file-java.rules)
* 1:29498 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center sdFileDownload information disclosure attempt (server-webapp.rules)
* 1:29499 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center sdFileDownload information disclosure attempt (server-webapp.rules)
* 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules)
* 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules)
* 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
* 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
* 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules)
* 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules)
* 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules)
* 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules)
* 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules)
* 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:29537 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:29570 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29571 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29572 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29573 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29574 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29575 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29577 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules)
* 1:29581 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules)
* 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29605 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
* 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (file-java.rules)
* 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
* 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
* 1:29622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
* 1:29639 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (server-apache.rules)
* 1:29647 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules)
* 1:29648 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules)
* 1:29649 <-> DISABLED <-> SERVER-APACHE Apache Roller allowStaticMethodAccess invocation attempt (server-apache.rules)
* 1:29669 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules)
* 1:29746 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway languagetest.php language parameter directory traversal attempt (server-webapp.rules)
* 1:29750 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
* 1:29751 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
* 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (server-webapp.rules)
* 1:29756 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules)
* 1:29792 <-> DISABLED <-> SERVER-OTHER Novell iPrint Server remote code execution attempt (server-other.rules)
* 1:29798 <-> DISABLED <-> SERVER-WEBAPP CuteFlow pre-authenticated admin account creation attempt (server-webapp.rules)
* 1:29799 <-> DISABLED <-> SERVER-WEBAPP CuteFlow pre-authenticated admin account creation attempt (server-webapp.rules)
* 1:29808 <-> DISABLED <-> SERVER-WEBAPP Nagios XI alert cloud cross site scripting attempt (server-webapp.rules)
* 1:29823 <-> DISABLED <-> OS-WINDOWS Microsoft Windows secure channel malformed certificate request memory corruption attempt (os-windows.rules)
* 1:29937 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules)
* 1:29939 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules)
* 1:29940 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules)
* 1:29941 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules)
* 1:29942 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (server-other.rules)
* 1:29946 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
* 1:29947 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
* 1:29948 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
* 1:29950 <-> DISABLED <-> SERVER-OTHER TP-Link TL-WR740N wireless router remote denial of service attempt (server-other.rules)
* 1:29967 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules)
* 1:29968 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (server-other.rules)
* 1:29992 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT120N tmUnblock.cgi TM_Block_URL parameter fprintf stack buffer overflow attempt (server-webapp.rules)
* 1:30010 <-> DISABLED <-> SERVER-APACHE Apache Solr SolrResourceLoader directory traversal attempt (server-apache.rules)
* 1:30011 <-> DISABLED <-> SERVER-WEBAPP GE Proficy CIMPLICITY CimWebServer remote code execution attempt (server-webapp.rules)
* 1:30012 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
* 1:30013 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (server-webapp.rules)
* 1:30031 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino stack buffer overflow attempt (server-webapp.rules)
* 1:30032 <-> DISABLED <-> SERVER-OTHER Borland VisiBroker Smart Agent heap overflow attempt (server-other.rules)
* 1:30150 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
* 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
* 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (file-multimedia.rules)
* 1:30199 <-> DISABLED <-> SERVER-WEBAPP PHP DateInterval heap buffer overread denial of service attempt (server-webapp.rules)
* 1:30200 <-> DISABLED <-> SERVER-WEBAPP PHP DateInterval heap buffer overread denial of service attempt (server-webapp.rules)
* 1:30205 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules)
* 1:30206 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules)
* 1:30207 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (server-other.rules)
* 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (file-multimedia.rules)
* 1:30263 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30265 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30266 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30267 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30268 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules)
* 1:30280 <-> DISABLED <-> SERVER-WEBAPP FreePBX config.php remote code execution attempt (server-webapp.rules)
* 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
* 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
* 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (server-webapp.rules)
* 1:30294 <-> DISABLED <-> SERVER-WEBAPP SePortal poll.php SQL injection attempt (server-webapp.rules)
* 1:30295 <-> DISABLED <-> SERVER-WEBAPP SePortal print.php SQL injection attempt (server-webapp.rules)
* 1:30296 <-> DISABLED <-> SERVER-WEBAPP SePortal staticpages.php SQL injection attempt (server-webapp.rules)
* 1:30305 <-> DISABLED <-> SERVER-WEBAPP Horde Framework variables.php unserialize PHP code execution attempt (server-webapp.rules)
* 1:30307 <-> DISABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules)
* 1:30329 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules)
* 1:30330 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (server-other.rules)
* 1:30343 <-> DISABLED <-> SERVER-WEBAPP Joomla weblinks-categories SQL injection attempt (server-webapp.rules)
* 1:30526 <-> DISABLED <-> SERVER-WEBAPP Joomla komento extension cross site scripting attempt (server-webapp.rules)
* 1:30527 <-> DISABLED <-> SERVER-WEBAPP Joomla komento extension cross site scripting attempt (server-webapp.rules)
* 1:30528 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:30529 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules)
* 1:30774 <-> DISABLED <-> SERVER-WEBAPP Splunk collect file parameter directory traversal attempt (server-webapp.rules)
* 1:30790 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30792 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (server-apache.rules)
* 1:30797 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 RETR bkbcopyd buffer overflow attempt (protocol-scada.rules)
* 1:30798 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 STOR bkbcopyd buffer overflow attempt (protocol-scada.rules)
* 1:30799 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 ATTR bkbcopyd buffer overflow attempt (protocol-scada.rules)
* 1:30800 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 XATR bkbcopyd buffer overflow attempt (protocol-scada.rules)
* 1:30801 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 PMODE bkbcopyd buffer overflow attempt (protocol-scada.rules)
* 1:30802 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 bkclogserv buffer overflow attempt (protocol-scada.rules)
* 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
* 1:30876 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:30877 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:30928 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver dir content listing attempt (server-other.rules)
* 1:30944 <-> DISABLED <-> SERVER-APACHE Apache Struts CookieInterceptor classloader access attempt (server-apache.rules)
* 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
* 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (file-pdf.rules)
* 1:31021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules)
* 1:31022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (file-pdf.rules)
* 1:31056 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WEP key enumeration attempt (protocol-snmp.rules)
* 1:31057 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WPA key enumeration attempt (protocol-snmp.rules)
* 1:31058 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntName enumeration attempt (protocol-snmp.rules)
* 1:31059 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntPassword enumeration attempt (protocol-snmp.rules)
* 1:31067 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess ChartThemeConfig SQL injection attempt (server-webapp.rules)
* 1:31068 <-> DISABLED <-> SERVER-OTHER F5 BIG-IP iControl API hostname command injection attempt (server-other.rules)
* 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (protocol-snmp.rules)
* 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (protocol-snmp.rules)
* 1:31097 <-> DISABLED <-> PROTOCOL-SNMP CableHome Devices cabhPsDevUIPassword enumeration attempt (protocol-snmp.rules)
* 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (protocol-snmp.rules)
* 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (protocol-snmp.rules)
* 1:31100 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (protocol-snmp.rules)
* 1:31103 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31104 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31105 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31106 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (protocol-ftp.rules)
* 1:31143 <-> DISABLED <-> SERVER-WEBAPP CA ERwin Web Portal ConfigServiceProvider directory traversal attempt (server-webapp.rules)
* 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:31157 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (server-webapp.rules)
* 1:31158 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (server-webapp.rules)
* 1:31159 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (server-webapp.rules)
* 1:31160 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (server-webapp.rules)
* 1:31176 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
* 1:31177 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
* 1:31178 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
* 1:31179 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (server-other.rules)
* 1:31195 <-> DISABLED <-> SERVER-WEBAPP VMTurbo Operations Manager directory traversal attempt (server-webapp.rules)
* 1:31210 <-> ENABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller close_window.cgi buffer overflow attempt (server-webapp.rules)
* 1:31211 <-> ENABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller close_window.cgi buffer overflow attempt (server-webapp.rules)
* 1:31259 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller url_redirect.cgi directory traversal attempt (server-webapp.rules)
* 1:31300 <-> ENABLED <-> SERVER-OTHER Xerox DocuShare SQL injection attempt (server-other.rules)
* 1:31305 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center fileRequestor directory traversal attempt (server-webapp.rules)
* 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
* 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd update_system_info_debian_package command injection attempt (server-webapp.rules)
* 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
* 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (server-other.rules)
* 1:31360 <-> DISABLED <-> SERVER-WEBAPP PHP include parameter remote file include attempt (server-webapp.rules)
* 1:31362 <-> DISABLED <-> SERVER-WEBAPP MiniBB PHP arbitrary remote code execution attempt (server-webapp.rules)
* 1:31363 <-> DISABLED <-> SERVER-WEBAPP MF Piadas admin.php page parameter PHP remote file include attempt (server-webapp.rules)
* 1:31364 <-> DISABLED <-> SERVER-WEBAPP FlashGameScript index.php func parameter PHP remote file include attempt (server-webapp.rules)
* 1:31366 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules)
* 1:31367 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules)
* 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules)
* 1:31377 <-> DISABLED <-> SERVER-WEBAPP PHP includedir parameter remote file include attempt (server-webapp.rules)
* 1:31378 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules)
* 1:31379 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules)
* 1:31411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules)
* 1:31412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules)
* 1:31413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules)
* 1:31414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (os-windows.rules)
* 1:31415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (os-windows.rules)
* 1:31416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (os-windows.rules)
* 1:31425 <-> DISABLED <-> SERVER-WEBAPP PHP Simple Shop abs_path parameter PHP remote file include attempt (server-webapp.rules)
* 1:31426 <-> DISABLED <-> SERVER-WEBAPP Jevontech PHPenpals PersonalID SQL injection attempt (server-webapp.rules)
* 1:31429 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint server callback function cross-site scripting attempt (server-webapp.rules)
* 1:31439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules)
* 1:31440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules)
* 1:31443 <-> DISABLED <-> SERVER-WEBAPP ActiveState ActivePerl perlIIS.dll server URI buffer overflow attempt (server-webapp.rules)
* 1:31497 <-> DISABLED <-> SERVER-WEBAPP Oracle Event Processing FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:31498 <-> DISABLED <-> SERVER-WEBAPP Oracle Event Processing FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:31505 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_license command injection attempt (server-webapp.rules)
* 1:31506 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_log_line command injection attempt (server-webapp.rules)
* 1:31519 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31520 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31521 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31522 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31523 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31524 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules)
* 1:31525 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (server-other.rules)
* 1:31526 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (server-other.rules)
* 1:31529 <-> ENABLED <-> SERVER-OTHER D-Link
Multiple Products HNAP request buffer overflow attempt (server-other.rules) * 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31537 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (file-office.rules) * 1:31540 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:31542 <-> DISABLED <-> SERVER-WEBAPP D-Link Multiple Products info.cgi request buffer overflow attempt (server-webapp.rules) * 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules) * 1:31562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules) * 1:31565 <-> DISABLED <-> SERVER-WEBAPP Flashchat aedatingCMS2.php remote file include attempt (server-webapp.rules) * 1:31566 <-> DISABLED <-> SERVER-WEBAPP Flashchat aedatingCMS.php remote file include attempt (server-webapp.rules) * 1:31567 <-> DISABLED <-> SERVER-WEBAPP Gitlist remote command injection attempt (server-webapp.rules) * 1:31569 <-> DISABLED <-> SERVER-WEBAPP Tiki Wiki 8.3 unserialize PHP remote code execution attempt (server-webapp.rules) * 1:31570 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB mysql.cc buffer overflow attempt (server-mysql.rules) * 1:31588 <-> DISABLED <-> SERVER-WEBAPP D-Link Multiple Products hedwig.cgi cookie buffer overflow attempt (server-webapp.rules) * 1:31637 <-> DISABLED <-> SERVER-WEBAPP Ad Fundum Integrateable News Script remote include path attempt (server-webapp.rules) * 1:31638 <-> DISABLED <-> SERVER-WEBAPP Voodoo Chat index.php remote include path 
attempt (server-webapp.rules) * 1:31647 <-> DISABLED <-> SERVER-WEBAPP AVM FritzBox webcm command injection attempt (server-webapp.rules) * 1:31648 <-> DISABLED <-> SERVER-WEBAPP AVM FritzBox webcm command injection attempt (server-webapp.rules) * 1:7722 <-> DISABLED <-> MALWARE-CNC prorat 1.9 cgi notification detection (malware-cnc.rules) * 1:31652 <-> DISABLED <-> SERVER-WEBAPP VMTurbo Operations Manager vmtadmin.cgi command injection attempt (server-webapp.rules) * 1:31686 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47828 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (snort3-file-image.rules) * 1:47822 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan outbound attempt (snort3-malware-cnc.rules) * 1:47836 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (snort3-malware-cnc.rules) * 1:47820 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (snort3-server-other.rules) * 1:47824 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (snort3-malware-cnc.rules) * 1:47813 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet directory traversal attempt (snort3-server-webapp.rules) * 1:47823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (snort3-malware-cnc.rules) * 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (snort3-malware-other.rules) * 1:47843 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Adwind variant outbound connection (snort3-malware-cnc.rules) * 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (snort3-malware-other.rules) * 1:47817 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (snort3-server-webapp.rules) * 1:47831 <-> DISABLED <-> SERVER-WEBAPP phpmyadmin post-authentication local file inclusion attempt (snort3-server-webapp.rules) * 1:47825 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (snort3-malware-cnc.rules) * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (snort3-file-image.rules) * 1:47818 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (snort3-server-webapp.rules) * 1:47814 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet directory traversal attempt (snort3-server-webapp.rules) * 1:47835 <-> ENABLED <-> 
MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (snort3-malware-cnc.rules) * 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (snort3-malware-other.rules) * 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (snort3-malware-other.rules) * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (snort3-file-flash.rules) * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query detected (snort3-policy-other.rules) * 1:47829 <-> ENABLED <-> SERVER-OTHER JBoss Richfaces expression language injection attempt (snort3-server-other.rules) * 1:47850 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SystemCollector privilege escalation attempt (snort3-os-windows.rules) * 1:47821 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (snort3-server-other.rules) * 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (snort3-malware-other.rules) * 1:47819 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (snort3-server-webapp.rules) * 1:47812 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet arbitrary JSP file upload attempt (snort3-server-webapp.rules) * 1:47827 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (snort3-file-image.rules) * 1:47837 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (snort3-malware-cnc.rules) * 1:47832 <-> DISABLED <-> SERVER-WEBAPP WordPress Responsive Thumbnail Slider arbitrary PHP file upload attempt (snort3-server-webapp.rules) * 1:47826 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (snort3-malware-cnc.rules) * 1:47815 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor LicenseServlet directory traversal attempt (snort3-server-webapp.rules) * 1:47816 <-> DISABLED <-> SERVER-WEBAPP 
CloudByte ElastiStor LicenseServlet arbitrary JSP file upload attempt (snort3-server-webapp.rules) * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (snort3-file-image.rules) * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (snort3-file-flash.rules) * 1:47851 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SystemCollector privilege escalation attempt (snort3-os-windows.rules) * 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (snort3-malware-other.rules)
* 1:32084 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (snort3-server-other.rules) * 1:32885 <-> DISABLED <-> SERVER-WEBAPP Enalean Tuleap PHP unserialize code execution attempt (snort3-server-webapp.rules) * 1:32232 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (snort3-file-java.rules) * 1:32199 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 directory traversal attempt (snort3-server-other.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules) * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules) * 1:32109 <-> DISABLED <-> SERVER-WEBAPP Easy File Management stack buffer overflow attempt (snort3-server-webapp.rules) * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (snort3-policy-other.rules) * 1:32085 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (snort3-server-other.rules) * 1:31745 <-> DISABLED <-> SERVER-WEBAPP vTiger CRM install module command injection attempt (snort3-server-webapp.rules) * 1:12286 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (snort3-file-other.rules) * 1:31743 <-> DISABLED <-> SERVER-WEBAPP Wordpress WPTouch file upload remote code execution attempt (snort3-server-webapp.rules) * 1:32324 <-> DISABLED <-> SERVER-WEBAPP WordPress Custom Contact Forms plugin arbitrary SQL execution attempt (snort3-server-webapp.rules) * 1:31798 <-> DISABLED <-> SERVER-WEBAPP HP Network Virtualization storedNtxFile directory traversal attempt (snort3-server-webapp.rules) * 1:31728 <-> DISABLED 
<-> SERVER-WEBAPP ManageEngine Desktop Central LinkViewFetchServlet SQL injection attempt (snort3-server-webapp.rules) * 1:32323 <-> DISABLED <-> SERVER-WEBAPP WordPress Custom Contact Forms plugin SQL export attempt (snort3-server-webapp.rules) * 1:32276 <-> DISABLED <-> SERVER-WEBAPP WordPress Infusionsoft Gravity Forms Plugin arbitrary code execution attempt (snort3-server-webapp.rules) * 1:31818 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral statusUpdate servlet directory traversal attempt (snort3-server-webapp.rules) * 1:31819 <-> DISABLED <-> SERVER-WEBAPP HP Network Virtualization toServerObject directory traversal attempt (snort3-server-webapp.rules) * 1:31823 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM remote_task command injection attempt (snort3-server-webapp.rules) * 1:31838 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (snort3-server-webapp.rules) * 1:32235 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (snort3-file-java.rules) * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (snort3-policy-other.rules) * 1:31851 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 128 bit WEP key enumeration attempt (snort3-protocol-snmp.rules) * 1:31852 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 64 bit WEP key enumeration attempt (snort3-protocol-snmp.rules) * 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (snort3-server-webapp.rules) * 1:32044 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (snort3-server-webapp.rules) * 1:31853 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A WPA key enumeration attempt (snort3-protocol-snmp.rules) * 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (snort3-server-webapp.rules) * 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP 
key enumeration attempt (snort3-protocol-snmp.rules) * 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (snort3-protocol-snmp.rules) * 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (snort3-protocol-snmp.rules) * 1:31877 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (snort3-server-other.rules) * 1:31878 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (snort3-server-other.rules) * 1:32346 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (snort3-server-other.rules) * 1:31879 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (snort3-server-other.rules) * 1:31880 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (snort3-server-other.rules) * 1:31881 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (snort3-server-other.rules) * 1:31882 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (snort3-server-other.rules) * 1:32342 <-> ENABLED <-> SERVER-OTHER AlienVault OSSIM framework backup_restore action command injection attempt (snort3-server-other.rules) * 1:31889 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (snort3-server-mail.rules) * 1:31890 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (snort3-server-mail.rules) * 1:31892 <-> DISABLED <-> SERVER-WEBAPP HybridAuth install.php code injection attempt (snort3-server-webapp.rules) * 1:31912 <-> DISABLED <-> SERVER-WEBAPP cPanel 9.01 multiple URI parameters cross site scripting attempt (snort3-server-webapp.rules) * 1:32337 <-> ENABLED <-> FILE-PDF Adobe 
Acrobat Reader pattern object memory corruption attempt (snort3-file-pdf.rules) * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (snort3-server-webapp.rules) * 1:31945 <-> DISABLED <-> SERVER-WEBAPP PhpWiki Ploticus plugin command injection attempt (snort3-server-webapp.rules) * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (snort3-server-other.rules) * 1:32381 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (snort3-server-other.rules) * 1:32377 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (snort3-file-office.rules) * 1:32371 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (snort3-server-other.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (snort3-server-other.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (snort3-protocol-icmp.rules) * 1:32352 <-> ENABLED <-> SERVER-WEBAPP Centreon displayServiceStatus.php command injection attempt (snort3-server-webapp.rules) * 1:32351 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (snort3-server-webapp.rules) * 1:32350 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (snort3-server-webapp.rules) * 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (snort3-server-webapp.rules) * 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (snort3-server-webapp.rules) * 1:31987 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (snort3-file-other.rules) * 1:32076 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 
1091 directory traversal attempt (snort3-server-other.rules) * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (snort3-policy-other.rules) * 1:32059 <-> ENABLED <-> PROTOCOL-SCADA KingSCADA Alarm Server stack buffer overflow attempt (snort3-protocol-scada.rules) * 1:32057 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (snort3-server-webapp.rules) * 1:31764 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (snort3-server-other.rules) * 1:32527 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts directory traversal attempt (snort3-server-webapp.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (snort3-policy-other.rules) * 1:32403 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (snort3-server-other.rules) * 1:32563 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts arbitrary file upload attempt (snort3-server-webapp.rules) * 1:32530 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (snort3-server-other.rules) * 1:32528 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts directory traversal attempt (snort3-server-webapp.rules) * 1:32582 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (snort3-server-webapp.rules) * 1:32581 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (snort3-server-webapp.rules) * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (snort3-policy-other.rules) * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (snort3-policy-other.rules) * 1:32601 <-> DISABLED <-> SERVER-OTHER Hikvision DVR RTSP request buffer 
overflow attempt (snort3-server-other.rules) * 1:32620 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (snort3-file-other.rules) * 1:32619 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (snort3-file-other.rules) * 1:32628 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (snort3-server-other.rules) * 1:32975 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (snort3-os-mobile.rules) * 1:31765 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (snort3-server-other.rules) * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (snort3-server-webapp.rules) * 1:31730 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway dbutils.php SQL injection attempt (snort3-server-webapp.rules) * 1:31747 <-> DISABLED <-> SERVER-WEBAPP Gitlab ssh key upload command injection attempt (snort3-server-webapp.rules) * 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (snort3-file-pdf.rules) * 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (snort3-file-pdf.rules) * 1:32753 <-> ENABLED <-> SERVER-WEBAPP FreePBX Framework Asterisk recording interface PHP unserialize code execution attempt (snort3-server-webapp.rules) * 1:32745 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer information disclosure attempt (snort3-server-webapp.rules) * 1:32744 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer DisplayChartPDF directory traversal attempt (snort3-server-webapp.rules) * 1:32742 <-> ENABLED <-> SERVER-WEBAPP Arris VAP2500 tools_command.php command execution attempt (snort3-server-webapp.rules) * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (snort3-policy-other.rules) * 1:32740 <-> 
DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (snort3-policy-other.rules) * 1:32739 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (snort3-file-multimedia.rules) * 1:32233 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (snort3-file-java.rules) * 1:32738 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (snort3-file-multimedia.rules) * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (snort3-policy-other.rules) * 1:32974 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (snort3-os-mobile.rules) * 1:32971 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (snort3-server-webapp.rules) * 1:32970 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (snort3-server-webapp.rules) * 1:32969 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (snort3-server-webapp.rules) * 1:32968 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (snort3-server-webapp.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (snort3-policy-other.rules) * 1:32964 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (snort3-server-webapp.rules) * 1:32963 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (snort3-server-webapp.rules) * 1:32962 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (snort3-server-webapp.rules) * 1:32961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt 
(snort3-file-office.rules) * 1:32902 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (snort3-file-other.rules) * 1:32901 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (snort3-file-other.rules) * 1:32887 <-> DISABLED <-> SERVER-WEBAPP ActualScripts ActualAnalyzer aa.php command injection attempt (snort3-server-webapp.rules) * 1:32886 <-> DISABLED <-> SERVER-WEBAPP Enalean Tuleap PHP unserialize code execution attempt (snort3-server-webapp.rules) * 1:31986 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (snort3-file-other.rules) * 1:33041 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (snort3-file-multimedia.rules) * 1:33040 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules) * 1:31697 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (snort3-server-webapp.rules) * 1:31731 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway dbutils.php SQL injection attempt (snort3-server-webapp.rules) * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:36262 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (snort3-server-webapp.rules) * 1:36261 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (snort3-server-webapp.rules) * 1:36197 <-> DISABLED <-> SERVER-WEBAPP nginx SMTP proxy STARTTLS plaintext command injection attempt (snort3-server-webapp.rules) * 1:36192 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules) * 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (snort3-server-other.rules) * 1:36461 <-> DISABLED <-> 
SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (snort3-server-other.rules) * 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (snort3-os-windows.rules) * 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (snort3-os-windows.rules) * 1:36507 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (snort3-file-flash.rules) * 1:36508 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (snort3-file-flash.rules) * 1:36509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (snort3-file-flash.rules) * 1:36530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:36529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:36528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:36527 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (snort3-file-flash.rules) * 1:36510 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (snort3-file-flash.rules) * 1:36544 <-> DISABLED <-> SERVER-WEBAPP pChart script parameter directory traversal attempt (snort3-server-webapp.rules) * 1:31729 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Password Manager MetadataServlet SQL injection attempt (snort3-server-webapp.rules) * 1:32014 <-> DISABLED <-> SERVER-WEBAPP GetSimpleCMS arbitrary PHP code execution attempt (snort3-server-webapp.rules) * 1:31956 <-> DISABLED <-> SERVER-WEBAPP Rejetto HttpFileServer command injection attempt (snort3-server-webapp.rules) * 1:32234 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader 
exception handling exploit attempt (snort3-file-java.rules)
* 1:33039 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules)
* 1:33038 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules)
* 1:33037 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules)
* 1:33036 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules)
* 1:33035 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules)
* 1:33034 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules)
* 1:33033 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules)
* 1:33032 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules)
* 1:33031 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules)
* 1:33030 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules)
* 1:33029 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules)
* 1:33012 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (snort3-server-webapp.rules)
* 1:33011 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (snort3-server-webapp.rules)
* 1:33010 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (snort3-server-webapp.rules)
* 1:33009 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (snort3-server-webapp.rules)
* 1:33008 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (snort3-server-webapp.rules)
* 1:33007 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (snort3-server-webapp.rules)
* 1:33006 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (snort3-server-webapp.rules)
* 1:33005 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (snort3-server-webapp.rules)
* 1:33446 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (snort3-server-webapp.rules)
* 1:33442 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (snort3-file-office.rules)
* 1:33441 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (snort3-file-office.rules)
* 1:33440 <-> DISABLED <-> SERVER-WEBAPP WordPress EasyCart PHP code execution attempt (snort3-server-webapp.rules)
* 1:33279 <-> DISABLED <-> SERVER-WEBAPP McAfee ePolicy Orchestrator XML external entity injection attempt (snort3-server-webapp.rules)
* 1:33278 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (snort3-server-webapp.rules)
* 1:33277 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (snort3-server-webapp.rules)
* 1:33276 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (snort3-server-webapp.rules)
* 1:33197 <-> DISABLED <-> SERVER-OTHER BMC Track-It FileStorageService directory traversal attempt (snort3-server-other.rules)
* 1:33114 <-> DISABLED <-> SERVER-WEBAPP HP System Management Homepage cross site scripting attempt (snort3-server-webapp.rules)
* 1:33113 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory IMONITOR cross site scripting attempt (snort3-server-webapp.rules)
* 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (snort3-server-webapp.rules)
* 1:33087 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (snort3-file-pdf.rules)
* 1:33076 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:33075 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:33074 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:33514 <-> DISABLED <-> SERVER-WEBAPP WordPress Photo Gallery PHP code execution attempt (snort3-server-webapp.rules)
* 1:33447 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (snort3-server-webapp.rules)
* 1:33448 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (snort3-server-webapp.rules)
* 1:33573 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products FailOverHelperServlet information disclosure attempt (snort3-server-webapp.rules)
* 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules)
* 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules)
* 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules)
* 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules)
* 1:33598 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:33597 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:33581 <-> DISABLED <-> SERVER-WEBAPP nginx URI processing security bypass attempt (snort3-server-webapp.rules)
* 1:33574 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products FailOverHelperServlet information disclosure attempt (snort3-server-webapp.rules)
* 1:33599 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:33676 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway restore.php command injection attempt (snort3-server-webapp.rules)
* 1:33657 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (snort3-server-webapp.rules)
* 1:33653 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (snort3-server-webapp.rules)
* 1:33652 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (snort3-server-webapp.rules)
* 1:33651 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (snort3-server-webapp.rules)
* 1:33632 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (snort3-server-webapp.rules)
* 1:33615 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (snort3-file-image.rules)
* 1:33665 <-> ENABLED <-> SERVER-OTHER HP Client Automation command injection attempt (snort3-server-other.rules)
* 1:33659 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (snort3-server-webapp.rules)
* 1:33658 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (snort3-server-webapp.rules)
* 1:34185 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense status_captiveportal cross site scripting attempt (snort3-server-webapp.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (snort3-policy-other.rules)
* 1:34000 <-> DISABLED <-> SERVER-WEBAPP Berta Content Management System PHP code execution attempt (snort3-server-webapp.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (snort3-policy-other.rules)
* 1:33938 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS send_test_email command injection attempt (snort3-server-webapp.rules)
* 1:33937 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (snort3-server-webapp.rules)
* 1:33936 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (snort3-server-webapp.rules)
* 1:33935 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin privilege escalation attempt (snort3-server-webapp.rules)
* 1:33934 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin directory traversal attempt (snort3-server-webapp.rules)
* 1:33917 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (snort3-server-webapp.rules)
* 1:33916 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (snort3-server-webapp.rules)
* 1:33915 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (snort3-server-webapp.rules)
* 1:33896 <-> DISABLED <-> SERVER-WEBAPP OpenNMS XML external entity injection attempt (snort3-server-webapp.rules)
* 1:33895 <-> DISABLED <-> SERVER-WEBAPP TWiki debugenableplugins arbitrary perl code injection attempt (snort3-server-webapp.rules)
* 1:33894 <-> DISABLED <-> SERVER-WEBAPP TWiki debugenableplugins arbitrary perl code injection attempt (snort3-server-webapp.rules)
* 1:33890 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (snort3-server-webapp.rules)
* 1:33889 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (snort3-server-webapp.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (snort3-policy-other.rules)
* 1:33853 <-> DISABLED <-> SERVER-WEBAPP D-Link multiple products ping.ccp command injection attempt (snort3-server-webapp.rules)
* 1:33832 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS getAlias.php command injection attempt (snort3-server-webapp.rules)
* 1:33813 <-> DISABLED <-> SERVER-WEBAPP Eclipse Foundation Jetty HttpParser information disclosure attempt (snort3-server-webapp.rules)
* 1:33812 <-> ENABLED <-> SERVER-WEBAPP Seagate NAS remote code execution attempt (snort3-server-webapp.rules)
* 1:34184 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense services_unbound_acls cross site scripting attempt (snort3-server-webapp.rules)
* 1:34169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (snort3-file-flash.rules)
* 1:34168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (snort3-file-flash.rules)
* 1:34167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (snort3-file-flash.rules)
* 1:34166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (snort3-file-flash.rules)
* 1:34160 <-> DISABLED <-> SERVER-OTHER Oracle Outside In Paradox database denial of service attempt (snort3-server-other.rules)
* 1:34159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (snort3-file-flash.rules)
* 1:34158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (snort3-file-flash.rules)
* 1:34157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (snort3-file-flash.rules)
* 1:34156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (snort3-file-flash.rules)
* 1:34139 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks configuration management file upload directory traversal attempt (snort3-server-other.rules)
* 1:34106 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (snort3-server-webapp.rules)
* 1:34105 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (snort3-server-webapp.rules)
* 1:34104 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (snort3-server-webapp.rules)
* 1:34056 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:34055 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:34215 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense diag_logs_filter cross site scripting attempt (snort3-server-webapp.rules)
* 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (snort3-server-other.rules)
* 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (snort3-protocol-ftp.rules)
* 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (snort3-server-webapp.rules)
* 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (snort3-server-webapp.rules)
* 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (snort3-server-webapp.rules)
* 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (snort3-server-other.rules)
* 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (snort3-file-multimedia.rules)
* 1:34300 <-> ENABLED <-> SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (snort3-server-webapp.rules)
* 1:34285 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense firewall_shaper cross site scripting attempt (snort3-server-webapp.rules)
* 1:34284 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense firewall_rules cross site scripting attempt (snort3-server-webapp.rules)
* 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:34472 <-> DISABLED <-> SERVER-WEBAPP Symantec Critical System Protection SQL injection attempt (snort3-server-webapp.rules)
* 1:34471 <-> ENABLED <-> SERVER-WEBAPP Symantec Critical System Protection directory traversal attempt (snort3-server-webapp.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (snort3-policy-other.rules)
* 1:34427 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (snort3-os-windows.rules)
* 1:34426 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (snort3-os-windows.rules)
* 1:34376 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (snort3-server-other.rules)
* 1:34375 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (snort3-server-other.rules)
* 1:34374 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (snort3-server-other.rules)
* 1:34373 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (snort3-server-other.rules)
* 1:34364 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (snort3-server-webapp.rules)
* 1:34363 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management GetStoredResult.class SQL injection attempt (snort3-server-webapp.rules)
* 1:34361 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (snort3-server-webapp.rules)
* 1:34360 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (snort3-server-webapp.rules)
* 1:34359 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (snort3-server-webapp.rules)
* 1:34358 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL SonicOS macIpSpoofView cross site scripting attempt (snort3-server-webapp.rules)
* 1:34353 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (snort3-server-other.rules)
* 1:34352 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (snort3-server-other.rules)
* 1:34351 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (snort3-server-other.rules)
* 1:34350 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (snort3-server-other.rules)
* 1:34349 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (snort3-server-other.rules)
* 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (snort3-file-multimedia.rules)
* 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (snort3-file-flash.rules)
* 1:34527 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (snort3-file-pdf.rules)
* 1:34526 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (snort3-file-pdf.rules)
* 1:34525 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (snort3-file-pdf.rules)
* 1:34524 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (snort3-file-pdf.rules)
* 1:34495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (snort3-file-flash.rules)
* 1:34494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (snort3-file-flash.rules)
* 1:34493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (snort3-file-flash.rules)
* 1:34492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (snort3-file-flash.rules)
* 1:34488 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules)
* 1:34487 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules)
* 1:34486 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules)
* 1:34485 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules)
* 1:34484 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules)
* 1:34483 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules)
* 1:34482 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules)
* 1:34481 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (snort3-os-other.rules)
* 1:34580 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (snort3-file-flash.rules)
* 1:34579 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (snort3-file-flash.rules)
* 1:34578 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (snort3-file-flash.rules)
* 1:34577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (snort3-file-flash.rules)
* 1:34569 <-> DISABLED <-> SERVER-WEBAPP Wordpress Creative Contact Form arbitrary PHP file upload attempt (snort3-server-webapp.rules)
* 1:34552 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (snort3-file-pdf.rules)
* 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (snort3-file-flash.rules)
* 1:34604 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (snort3-server-webapp.rules)
* 1:34603 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (snort3-server-other.rules)
* 1:34602 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (snort3-server-webapp.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (snort3-policy-other.rules)
* 1:34634 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (snort3-server-webapp.rules)
* 1:34605 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (snort3-server-webapp.rules)
* 1:34633 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (snort3-server-webapp.rules)
* 1:34621 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (snort3-server-webapp.rules)
* 1:34620 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (snort3-server-webapp.rules)
* 1:34619 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (snort3-server-webapp.rules)
* 1:34606 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (snort3-server-webapp.rules)
* 1:34798 <-> DISABLED <-> SERVER-OTHER HP LoadRunner launcher.dll stack buffer overflow attempt (snort3-server-other.rules)
* 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:34635 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (snort3-server-webapp.rules)
* 1:34799 <-> ENABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (snort3-server-webapp.rules)
* 1:34846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (snort3-file-pdf.rules)
* 1:34845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (snort3-file-pdf.rules)
* 1:34806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:34805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:34804 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:34803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (snort3-file-other.rules)
* 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (snort3-file-other.rules)
* 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (snort3-netbios.rules)
* 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (snort3-netbios.rules)
* 1:34942 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (snort3-server-other.rules)
* 1:34941 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (snort3-server-other.rules)
* 1:34940 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (snort3-server-other.rules)
* 1:34939 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (snort3-server-other.rules)
* 1:34938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (snort3-server-other.rules)
* 1:34999 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (snort3-server-webapp.rules)
* 1:34943 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (snort3-server-other.rules)
* 1:35015 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXmlTree.php SQL injection attempt (snort3-server-webapp.rules)
* 1:35014 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXMLTrapsForVendor.php SQL injection attempt (snort3-server-webapp.rules)
* 1:35000 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (snort3-server-webapp.rules)
* 1:35016 <-> ENABLED <-> SERVER-WEBAPP Centreon cmdGetExample.php SQL injection attempt (snort3-server-webapp.rules)
* 1:35077 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (snort3-server-webapp.rules)
* 1:35049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (snort3-file-flash.rules)
* 1:35048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (snort3-file-flash.rules)
* 1:35033 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite remote file include attempt (snort3-server-webapp.rules)
* 1:35032 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite remote file include attempt (snort3-server-webapp.rules)
* 1:35017 <-> ENABLED <-> SERVER-WEBAPP Centreon makeXML_ListMetrics.php SQL injection attempt (snort3-server-webapp.rules)
* 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (snort3-server-apache.rules)
* 1:35399 <-> DISABLED <-> SERVER-WEBAPP WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt (snort3-server-webapp.rules)
* 1:35375 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (snort3-server-webapp.rules)
* 1:35374 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (snort3-server-webapp.rules)
* 1:35373 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (snort3-server-webapp.rules)
* 1:35372 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (snort3-server-webapp.rules)
* 1:35367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:35366 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:35365 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:35364 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (snort3-file-flash.rules)
* 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (snort3-server-apache.rules)
* 1:35281 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (snort3-server-webapp.rules)
* 1:35280 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (snort3-server-webapp.rules)
* 1:35279 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (snort3-server-webapp.rules)
* 1:35253 <-> DISABLED <-> SERVER-OTHER LibreOffice Impress socket manager Use After Free attempt (snort3-server-other.rules)
* 1:3519 <-> DISABLED <-> SERVER-MYSQL MaxDB WebSQL wppassword buffer overflow default port (snort3-server-mysql.rules)
* 1:3518 <-> DISABLED <-> SERVER-MYSQL MaxDB WebSQL wppassword buffer overflow (snort3-server-mysql.rules)
* 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (snort3-os-windows.rules)
* 1:35094 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (snort3-file-other.rules)
* 1:35079 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (snort3-server-webapp.rules)
* 1:35078 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (snort3-server-webapp.rules)
* 1:35535 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (snort3-server-webapp.rules)
* 1:35534 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (snort3-server-webapp.rules)
* 1:35533 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (snort3-server-webapp.rules)
* 1:35532 <-> DISABLED <-> SERVER-WEBAPP Apache HTTP server mod_cache denial of service attempt (snort3-server-webapp.rules)
* 1:35531 <-> DISABLED <-> SERVER-WEBAPP Apache HTTP server mod_cache denial of service attempt (snort3-server-webapp.rules)
* 1:35443 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (snort3-file-office.rules)
* 1:35442 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (snort3-file-office.rules)
* 1:35441 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (snort3-file-office.rules)
* 1:35440 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (snort3-file-office.rules)
* 1:35429 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (snort3-server-webapp.rules)
* 1:35428 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (snort3-server-webapp.rules)
* 1:35427 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (snort3-server-webapp.rules)
* 1:35418 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (snort3-server-other.rules)
* 1:35417 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (snort3-server-other.rules)
* 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (snort3-file-multimedia.rules)
* 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (snort3-file-multimedia.rules)
* 1:35541 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (snort3-server-other.rules)
* 1:35560 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (snort3-file-multimedia.rules)
* 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (snort3-server-webapp.rules)
* 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (snort3-server-webapp.rules)
* 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (snort3-server-webapp.rules)
* 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (snort3-server-webapp.rules)
* 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (snort3-server-webapp.rules)
* 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (snort3-server-webapp.rules)
* 1:35701 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (snort3-server-webapp.rules)
* 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (snort3-server-webapp.rules)
* 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (snort3-server-webapp.rules)
* 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (snort3-server-other.rules)
* 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (snort3-server-webapp.rules)
* 1:35704 <-> DISABLED <-> SERVER-WEBAPP Maarch LetterBox arbitrary PHP file upload attempt (snort3-server-webapp.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (snort3-server-webapp.rules)
* 1:35702 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (snort3-server-webapp.rules)
* 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (snort3-server-other.rules)
* 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (snort3-server-other.rules)
* 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (snort3-server-other.rules)
* 1:36025 <-> DISABLED <-> SERVER-OTHER Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt (snort3-server-other.rules)
* 1:35944 <-> ENABLED <-> SERVER-MAIL IBM Domino BMP color palette stack buffer overflow attempt (snort3-server-mail.rules)
* 1:35940 <-> DISABLED <-> SERVER-WEBAPP PHP phar_parse_tarfile method integer overflow attempt (snort3-server-webapp.rules)
* 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (snort3-file-multimedia.rules)
* 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules)
* 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules)
* 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules)
* 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (snort3-server-other.rules)
* 1:36059 <-> DISABLED <-> SERVER-WEBAPP PHP CDF file handling infinite loop dos attempt (snort3-server-webapp.rules)
* 1:36191 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules)
* 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules)
* 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (snort3-server-other.rules)
* 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (snort3-server-other.rules)
* 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (snort3-server-other.rules)
* 1:31698 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (snort3-server-webapp.rules)
* 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
* 1:36614 <-> DISABLED <-> SERVER-WEBAPP McAfee Cloud Single Sign ExtensionAccessServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:36613 <-> DISABLED <-> SERVER-WEBAPP McAfee Cloud Single Sign ExtensionAccessServlet directory traversal attempt (snort3-server-webapp.rules)
* 1:36596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (snort3-os-windows.rules)
* 1:36565 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (snort3-file-multimedia.rules)
* 1:36564 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (snort3-file-multimedia.rules)
* 1:36563 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (snort3-os-windows.rules)
* 1:36562 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (snort3-os-windows.rules)
* 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
* 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
* 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (snort3-policy-other.rules)
* 1:36823 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server buffer overflow attempt (snort3-server-other.rules)
* 1:36854 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (snort3-file-other.rules)
* 1:36855 <-> ENABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (snort3-file-other.rules)
* 1:36885 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (snort3-file-pdf.rules)
* 1:36886 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (snort3-file-pdf.rules)
* 1:36900 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (snort3-server-webapp.rules)
* 1:36901 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (snort3-server-webapp.rules)
* 1:36902 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (snort3-server-webapp.rules)
* 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules)
* 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules)
* 1:37096 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (snort3-server-webapp.rules)
* 1:37097 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (snort3-server-webapp.rules)
* 1:37098 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (snort3-server-webapp.rules)
* 1:37099 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (snort3-server-webapp.rules)
* 1:37133 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (snort3-server-webapp.rules)
* 1:37134 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (snort3-server-webapp.rules)
* 1:37148 <-> DISABLED <-> SERVER-WEBAPP WordPress Gallery Objects Plugin viewid SQL injection attempt (snort3-server-webapp.rules)
* 1:37242 <-> ENABLED
<-> SERVER-WEBAPP D-Link DCS-900 Series Network Camera arbitrary file upload attempt (snort3-server-webapp.rules) * 1:37362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (snort3-file-office.rules) * 1:37363 <-> DISABLED <-> SERVER-OTHER Java Library SpringFramework unauthorized serialized object attempt (snort3-server-other.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules) * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules) * 1:37664 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (snort3-file-java.rules) * 1:37665 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (snort3-file-java.rules) * 1:37690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (snort3-file-flash.rules) * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules) * 1:37803 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules) * 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules) * 1:37828 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules) * 1:37829 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules) * 1:37830 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules) * 1:37831 <-> DISABLED <-> FILE-OTHER Poster Software 
Publish-It buffer overflow attempt (snort3-file-other.rules) * 1:37832 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules) * 1:37833 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (snort3-file-other.rules) * 1:37854 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (snort3-server-webapp.rules) * 1:37855 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (snort3-server-webapp.rules) * 1:37856 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (snort3-server-webapp.rules) * 1:37857 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (snort3-server-webapp.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:37934 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (snort3-protocol-ftp.rules) * 1:37937 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:37938 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:37939 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:37940 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:37941 <-> DISABLED <-> SERVER-WEBAPP AlienVault 
OSSIM a_deployment.php command injection attempt (snort3-server-webapp.rules) * 1:37942 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (snort3-server-webapp.rules) * 1:37943 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (snort3-server-webapp.rules) * 1:38012 <-> DISABLED <-> SERVER-WEBAPP Alienvault OSSIM graph_geoloc.php SQL injection attempt (snort3-server-webapp.rules) * 1:38189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (snort3-file-flash.rules) * 1:38190 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (snort3-file-flash.rules) * 1:38191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (snort3-file-flash.rules) * 1:38192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (snort3-file-flash.rules) * 1:38229 <-> DISABLED <-> SERVER-WEBAPP Wordpress Simple Ads Manager sam-ajax-admin.php directory traversal attempt (snort3-server-webapp.rules) * 1:38266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (snort3-file-office.rules) * 1:38267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (snort3-file-office.rules) * 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (snort3-server-webapp.rules) * 1:38272 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (snort3-file-office.rules) * 1:38273 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (snort3-file-office.rules) * 1:38274 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (snort3-file-office.rules) * 1:38351 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt 
(snort3-server-webapp.rules) * 1:38897 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (snort3-file-other.rules) * 1:38898 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (snort3-file-other.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (snort3-policy-other.rules) * 1:38965 <-> DISABLED <-> SERVER-WEBAPP VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (snort3-server-webapp.rules) * 1:39391 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (snort3-protocol-scada.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (snort3-policy-other.rules) * 1:43674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (snort3-file-office.rules) * 1:43675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (snort3-file-office.rules) * 1:45399 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (snort3-file-other.rules) * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (snort3-server-other.rules) * 1:46482 <-> ENABLED <-> MALWARE-CNC Installation Keylogger Osx.Trojan.Mokes data exfiltration (snort3-malware-cnc.rules) * 1:46640 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Worm.Brontok outbound HTTP request attempt (snort3-indicator-compromise.rules) * 1:46641 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Worm.Brontok outbound HTTP request attempt (snort3-indicator-compromise.rules) * 1:46642 <-> ENABLED <-> MALWARE-CNC Win.Worm.Brontok user-agent outbound connection (snort3-malware-cnc.rules) * 1:47032 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (snort3-file-multimedia.rules) * 1:47033 <-> DISABLED <-> FILE-MULTIMEDIA Apple 
QuickTime MPEG stream padding buffer overflow attempt (snort3-file-multimedia.rules) * 1:47744 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup CustomerPortalService.pm command injection attempt (snort3-server-webapp.rules) * 1:494 <-> DISABLED <-> INDICATOR-COMPROMISE command completed (snort3-indicator-compromise.rules) * 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (snort3-protocol-services.rules) * 1:7722 <-> DISABLED <-> MALWARE-CNC prorat 1.9 cgi notification detection (snort3-malware-cnc.rules) * 1:8085 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (snort3-server-webapp.rules) * 1:8086 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (snort3-server-webapp.rules) * 1:8087 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (snort3-server-webapp.rules) * 1:8088 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (snort3-server-webapp.rules) * 1:8089 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (snort3-server-webapp.rules) * 1:8090 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (snort3-server-webapp.rules) * 1:8734 <-> DISABLED <-> SERVER-WEBAPP Pajax call_dispatcher className directory traversal attempt (snort3-server-webapp.rules) * 1:9620 <-> DISABLED <-> SERVER-WEBAPP Pajax call_dispatcher remote code execution attempt (snort3-server-webapp.rules) * 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (snort3-server-webapp.rules) * 1:12746 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (snort3-file-multimedia.rules) * 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack 
buffer overflow attempt (snort3-server-other.rules) * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (snort3-server-other.rules) * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (snort3-server-other.rules) * 1:13293 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (snort3-file-multimedia.rules) * 1:13487 <-> DISABLED <-> PUA-ADWARE Adware elite protector runtime detection (snort3-pua-adware.rules) * 1:13816 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (snort3-server-webapp.rules) * 1:13817 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (snort3-server-webapp.rules) * 1:13818 <-> DISABLED <-> SERVER-WEBAPP PHP alternate xmlrpc.php command injection attempt (snort3-server-webapp.rules) * 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (snort3-server-webapp.rules) * 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection - popup ads (snort3-malware-other.rules) * 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (snort3-malware-other.rules) * 1:13902 <-> DISABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (snort3-server-other.rules) * 1:13916 <-> DISABLED <-> SERVER-WEBAPP Alt-N SecurityGateway username buffer overflow attempt (snort3-server-webapp.rules) * 1:13925 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt (snort3-protocol-ftp.rules) * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (snort3-protocol-tftp.rules) * 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (snort3-pua-adware.rules) * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter 
(snort3-sql.rules) * 1:14230 <-> DISABLED <-> SERVER-WEBAPP SAP DB web server stack buffer overflow attempt (snort3-server-webapp.rules) * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA Multiple Schneider Electric SCADA products buffer overflow attempt (snort3-protocol-scada.rules) * 1:14607 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (snort3-server-other.rules) * 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (snort3-protocol-voip.rules) * 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (snort3-protocol-voip.rules) * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (snort3-server-apache.rules) * 1:1478 <-> DISABLED <-> SERVER-WEBAPP Simple Web Counter URI Parameter Buffer Overflow attempt (snort3-server-webapp.rules) * 1:1485 <-> DISABLED <-> SERVER-IIS mkilog.exe access (snort3-server-iis.rules) * 1:15472 <-> DISABLED <-> FILE-MULTIMEDIA Multiple MP3 player PLS buffer overflow attempt (snort3-file-multimedia.rules) * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (snort3-protocol-imap.rules) * 1:15562 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (snort3-file-pdf.rules) * 1:15896 <-> DISABLED <-> SERVER-OTHER Firebird SQL op_connect_request denial of service attempt (snort3-server-other.rules) * 1:15939 <-> DISABLED <-> SERVER-OTHER MSN Messenger IRC bot calling home attempt (snort3-server-other.rules) * 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (snort3-file-office.rules) * 1:16098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.cekar variant outbound connection (snort3-malware-cnc.rules) * 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads 
(snort3-malware-other.rules) * 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (snort3-malware-cnc.rules) * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (snort3-server-other.rules) * 1:16231 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (snort3-file-pdf.rules) * 1:16271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.1.Gen keepalive detection (snort3-malware-cnc.rules) * 1:16365 <-> DISABLED <-> PUA-ADWARE OnlineGames download attempt (snort3-pua-adware.rules) * 1:16366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (snort3-os-windows.rules) * 1:16494 <-> DISABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (snort3-pua-adware.rules) * 1:16498 <-> DISABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (snort3-pua-adware.rules) * 1:16598 <-> DISABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (snort3-server-other.rules) * 1:16606 <-> DISABLED <-> SERVER-ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (snort3-server-oracle.rules) * 1:16636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework XMLDsig data tampering attempt (snort3-os-windows.rules) * 1:16638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (snort3-file-office.rules) * 1:16665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Help Centre escape sequence XSS attempt (snort3-os-windows.rules) * 1:16688 <-> DISABLED <-> SERVER-OTHER iscsi target format string code execution attempt (snort3-server-other.rules) * 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (snort3-server-other.rules) * 1:16692 <-> 
DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (snort3-file-multimedia.rules) * 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (snort3-file-other.rules) * 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (snort3-file-other.rules) * 1:16727 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (snort3-file-other.rules) * 1:16731 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (snort3-file-other.rules) * 1:16732 <-> DISABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (snort3-file-other.rules) * 1:16733 <-> DISABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (snort3-file-other.rules) * 1:16736 <-> DISABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (snort3-file-other.rules) * 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (snort3-file-multimedia.rules) * 1:16738 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (snort3-file-multimedia.rules) * 1:16751 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (snort3-file-multimedia.rules) * 1:16752 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (snort3-file-multimedia.rules) * 1:16753 <-> DISABLED <-> SERVER-WEBAPP VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (snort3-server-webapp.rules) * 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt (snort3-file-other.rules) * 1:17103 <-> DISABLED <-> SERVER-IIS IIS 5.1 alternate data stream authentication bypass attempt (snort3-server-iis.rules) * 1:17139 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System 
HNDLRSVC arbitrary command execution attempt (snort3-server-other.rules) * 1:17155 <-> DISABLED <-> SERVER-OTHER Multiple vendors OPIE off-by-one stack buffer overflow attempt (snort3-server-other.rules) * 1:17234 <-> ENABLED <-> MALWARE-CNC VBMania mass mailing worm activity (snort3-malware-cnc.rules) * 1:17235 <-> ENABLED <-> MALWARE-CNC VBMania mass mailing worm download (snort3-malware-cnc.rules) * 1:17238 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XBM file handling buffer overflow attempt (snort3-file-other.rules) * 1:17250 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (snort3-file-office.rules) * 1:17256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows uniscribe fonts parsing memory corruption attempt (snort3-os-windows.rules) * 1:17301 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (snort3-file-office.rules) * 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (snort3-file-office.rules) * 1:17373 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (snort3-file-multimedia.rules) * 1:17440 <-> DISABLED <-> SERVER-IIS RSA authentication agent for web redirect buffer overflow attempt (snort3-server-iis.rules) * 1:17505 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (snort3-file-office.rules) * 1:17506 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (snort3-file-office.rules) * 1:17507 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (snort3-file-office.rules) * 1:17560 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (snort3-file-office.rules) * 1:17805 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Neeris.BF variant outbound connection (snort3-malware-cnc.rules) * 1:18102 <-> 
DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (snort3-file-pdf.rules) * 1:18222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (snort3-file-java.rules) * 1:18247 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (snort3-malware-cnc.rules) * 1:18279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karagany.A variant outbound connection (snort3-malware-cnc.rules) * 1:18281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.njz variant outbound connection (snort3-malware-cnc.rules) * 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (snort3-server-webapp.rules) * 1:18448 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (snort3-file-pdf.rules) * 1:18451 <-> DISABLED <-> FILE-PDF Adobe Acrobat ICC color integer overflow attempt (snort3-file-pdf.rules) * 1:18453 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (snort3-file-pdf.rules) * 1:18457 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt 
(snort3-file-pdf.rules) * 1:18478 <-> DISABLED <-> SERVER-WEBAPP miniBB rss.php premodDir remote file include attempt (snort3-server-webapp.rules) * 1:18479 <-> DISABLED <-> SERVER-WEBAPP miniBB rss.php pathToFiles remote file include attempt (snort3-server-webapp.rules) * 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18489 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (snort3-file-pdf.rules) * 1:18507 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (snort3-file-pdf.rules) * 1:18511 <-> DISABLED <-> SERVER-OTHER Sourcefire Snort packet fragmentation reassembly denial of service attempt (snort3-server-other.rules) * 1:18524 <-> DISABLED <-> SERVER-OTHER Multiple vendor anti-virus extended ASCII filename scan bypass attempt (snort3-server-other.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (snort3-file-pdf.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (snort3-file-pdf.rules) * 1:18529 <-> DISABLED <-> FILE-OTHER Adobe Premiere Pro ibfs32.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18530 <-> DISABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (snort3-file-other.rules) * 1:18531 <-> DISABLED <-> SERVER-OTHER Multiple Vendors iacenc.dll dll-load exploit attempt (snort3-server-other.rules) * 1:18532 <-> DISABLED <-> OS-WINDOWS Multiple Vendors iacenc.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:18535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (snort3-file-office.rules) * 1:18562 <-> DISABLED <-> MALWARE-CNC 
RogueSoftware.Win32.LivePcCare variant outbound connection (snort3-malware-cnc.rules) * 1:18575 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (snort3-protocol-ftp.rules) * 1:18577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.agum variant outbound connection (snort3-malware-cnc.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (snort3-server-other.rules) * 1:18618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar.dpvy/Parkchicers.A/Delf checkin (snort3-malware-cnc.rules) * 1:18638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (snort3-file-office.rules) * 1:18642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (snort3-file-office.rules) * 1:18643 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (snort3-file-office.rules) * 1:18707 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ControlCenter variant outbound connection (snort3-malware-cnc.rules) * 1:18708 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AntivirusSoft variant outbound connection (snort3-malware-cnc.rules) * 1:18709 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.aufm variant outbound connection (snort3-malware-cnc.rules) * 1:18711 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.SecurityCentral variant outbound connection (snort3-malware-cnc.rules) * 1:18712 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.XJRAntivirus variant outbound connection (snort3-malware-cnc.rules) * 1:18715 <-> ENABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (snort3-malware-cnc.rules) * 1:18716 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.H variant outbound connection (snort3-malware-cnc.rules) * 1:18717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.QO variant outbound connection (snort3-malware-cnc.rules) * 1:18718 <-> DISABLED <-> MALWARE-CNC 
RogueSoftware.Win32.AdvancedDefender variant outbound connection (snort3-malware-cnc.rules) * 1:18719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.CBY variant outbound connection (snort3-malware-cnc.rules) * 1:18720 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Terzib.A variant outbound connection (snort3-malware-cnc.rules) * 1:18723 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.CleanV variant outbound connection (snort3-malware-cnc.rules) * 1:18724 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ZeroClean variant outbound connection (snort3-malware-cnc.rules) * 1:18739 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Koobface.D variant outbound connection (snort3-malware-cnc.rules) * 1:18753 <-> DISABLED <-> SERVER-OTHER Zend Server Java Bridge remote code execution attempt (snort3-server-other.rules) * 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (snort3-server-webapp.rules) * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (snort3-server-mail.rules) * 1:18808 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server List Mailer Reply-To address buffer overflow attempt (snort3-server-mail.rules) * 1:18934 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- snort3-malware-cnc.rules) * 1:18936 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win.Trojan.FakeAV (snort3-malware-cnc.rules) * 1:18937 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win.Trojan.Krap (snort3-malware-cnc.rules) * 1:18939 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules) * 1:18940 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Sality (snort3-malware-cnc.rules) * 1:18941 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - FakeAV (snort3-malware-cnc.rules) * 1:18942 <-> DISABLED <-> MALWARE-CNC URI request for known 
malicious URI - MacProtector (snort3-malware-cnc.rules) * 1:18943 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MacDefender (snort3-malware-cnc.rules) * 1:18945 <-> DISABLED <-> MALWARE-CNC Virus.Win32.Feberr variant outbound connection (snort3-malware-cnc.rules) * 1:18946 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBot.FC variant outbound connection (snort3-malware-cnc.rules) * 1:18947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.FC variant outbound connection (snort3-malware-cnc.rules) * 1:18952 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (snort3-file-other.rules) * 1:18976 <-> DISABLED <-> MALWARE-CNC Rogue-Software.AVCare variant outbound connection (snort3-malware-cnc.rules) * 1:18977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy variant outbound connection (snort3-malware-cnc.rules) * 1:18978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pasta.aoq variant outbound connection (snort3-malware-cnc.rules) * 1:18980 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (snort3-malware-cnc.rules) * 1:18981 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (snort3-malware-cnc.rules) * 1:18982 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (snort3-malware-cnc.rules) * 1:18984 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win32/Trojanclicker (snort3-malware-cnc.rules) * 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (snort3-server-webapp.rules) * 1:19016 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (snort3-malware-cnc.rules) * 1:19017 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (snort3-malware-cnc.rules) * 1:19018 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (snort3-malware-cnc.rules) * 1:19019 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant 
outbound connection (snort3-malware-cnc.rules) * 1:19021 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Win32.FraudLoad.dzm variant outbound connection (snort3-malware-cnc.rules) * 1:19023 <-> DISABLED <-> MALWARE-CNC IRC.Zapchast.zwrc variant outbound connection (snort3-malware-cnc.rules) * 1:19024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.StartPage variant outbound connection (snort3-malware-cnc.rules) * 1:19025 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Banker.Win32.Bancos.etf variant outbound connection (snort3-malware-cnc.rules) * 1:19027 <-> DISABLED <-> MALWARE-CNC BrowserModifier.Win32.Kerlofost variant outbound connection (snort3-malware-cnc.rules) * 1:19028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mailbot variant outbound connection (snort3-malware-cnc.rules) * 1:19030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uloadis variant outbound connection (snort3-malware-cnc.rules) * 1:19031 <-> DISABLED <-> MALWARE-CNC iPRIVACY variant outbound connection (snort3-malware-cnc.rules) * 1:19032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cornfemo variant outbound connection (snort3-malware-cnc.rules) * 1:19033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cornfemo variant outbound connection (snort3-malware-cnc.rules) * 1:19035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vilsel.baqb variant outbound connection (snort3-malware-cnc.rules) * 1:19036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBrute.I variant outbound connection (snort3-malware-cnc.rules) * 1:19037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBrute.I variant outbound connection (snort3-malware-cnc.rules) * 1:19038 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (snort3-malware-cnc.rules) * 1:19039 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Linkbot.alr variant outbound connection (snort3-malware-cnc.rules) * 1:19040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkbot.alr variant outbound connection (snort3-malware-cnc.rules) * 1:19041 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.C variant outbound 
connection (snort3-malware-cnc.rules) * 1:19042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.ACQE variant outbound connection (snort3-malware-cnc.rules) * 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (snort3-pua-adware.rules) * 1:19044 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (snort3-pua-adware.rules) * 1:19045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.XQ variant outbound connection (snort3-malware-cnc.rules) * 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (snort3-pua-adware.rules) * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (snort3-malware-cnc.rules) * 1:19048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkness variant outbound connection (snort3-malware-cnc.rules) * 1:19050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.fxe variant outbound connection (snort3-malware-cnc.rules) * 1:19052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (snort3-malware-cnc.rules) * 1:19053 <-> ENABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (snort3-malware-cnc.rules) * 1:19054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisron.nelo variant outbound connection (snort3-malware-cnc.rules) * 1:19055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (snort3-malware-cnc.rules) * 1:19056 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (snort3-malware-cnc.rules) * 1:19057 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (snort3-malware-cnc.rules) * 1:19058 <-> ENABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (snort3-malware-cnc.rules) * 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (snort3-pua-adware.rules) * 1:19060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ponmocup.A variant outbound connection (snort3-malware-cnc.rules) * 1:19061 <-> DISABLED <-> PUA-ADWARE 
Adware.Win32.Cashtitan contact to server attempt (snort3-pua-adware.rules) * 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (snort3-malware-cnc.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (snort3-server-other.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (snort3-server-webapp.rules) * 1:19164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (snort3-malware-cnc.rules) * 1:19206 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (snort3-server-other.rules) * 1:19225 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (snort3-file-office.rules) * 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (snort3-pua-adware.rules) * 1:19310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen3 variant outbound connection (snort3-malware-cnc.rules) * 1:19312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aah variant outbound connection (snort3-malware-cnc.rules) * 1:19328 <-> ENABLED <-> MALWARE-CNC PointGuide variant outbound connection (snort3-malware-cnc.rules) * 1:19329 <-> DISABLED <-> MALWARE-CNC Faceback.exe variant outbound connection (snort3-malware-cnc.rules) * 1:19330 <-> DISABLED <-> MALWARE-CNC Adclicker Win.Trojan.Zlob.dnz variant outbound connection (snort3-malware-cnc.rules) * 1:19331 <-> DISABLED <-> MALWARE-CNC Adclicker Win.Trojan.Zlob.dnz variant outbound connection (snort3-malware-cnc.rules) * 1:19332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clampi variant outbound connection (snort3-malware-cnc.rules) * 1:19339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (snort3-malware-cnc.rules) * 1:19340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav TREAntivirus variant outbound connection 
(snort3-malware-cnc.rules) * 1:19341 <-> DISABLED <-> MALWARE-CNC Worm MSIL.AiO.a variant outbound connection (snort3-malware-cnc.rules) * 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (snort3-malware-cnc.rules) * 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (snort3-malware-cnc.rules) * 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (snort3-malware-cnc.rules) * 1:19345 <-> DISABLED <-> MALWARE-CNC REAnti variant outbound connection (snort3-malware-cnc.rules) * 1:19346 <-> DISABLED <-> MALWARE-CNC Additional Guard variant outbound connection (snort3-malware-cnc.rules) * 1:19348 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (snort3-malware-cnc.rules) * 1:19349 <-> DISABLED <-> MALWARE-CNC Fakeav Vaccineclear variant outbound connection (snort3-malware-cnc.rules) * 1:19351 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (snort3-malware-cnc.rules) * 1:19352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.D variant outbound connection (snort3-malware-cnc.rules) * 1:19353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (snort3-malware-cnc.rules) * 1:19357 <-> ENABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (snort3-malware-cnc.rules) * 1:19358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (snort3-malware-cnc.rules) * 1:19359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (snort3-malware-cnc.rules) * 1:19360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (snort3-malware-cnc.rules) * 1:19361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (snort3-malware-cnc.rules) * 1:19363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot.B variant outbound connection (snort3-malware-cnc.rules) * 1:19366 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.HXWAN.A variant outbound connection (snort3-malware-cnc.rules) * 1:19367 <-> DISABLED <-> MALWARE-CNC Win.Worm.Vaubeg.A variant outbound connection (snort3-malware-cnc.rules) * 1:19368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (snort3-malware-cnc.rules) * 1:19369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (snort3-malware-cnc.rules) * 1:19370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (snort3-malware-cnc.rules) * 1:19371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.IC variant outbound connection (snort3-malware-cnc.rules) * 1:19372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string javasw - Trojan.Banload (snort3-malware-cnc.rules) * 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (snort3-pua-adware.rules) * 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (snort3-malware-other.rules) * 1:19393 <-> DISABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (snort3-malware-other.rules) * 1:19394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tidserv variant outbound connection (snort3-malware-cnc.rules) * 1:19395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Monkif.J inbound connection - dest ip infected (snort3-malware-cnc.rules) * 1:19396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beastdoor.b variant outbound connection (snort3-malware-cnc.rules) * 1:19397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UltimateDefender.xv variant outbound connection (snort3-malware-cnc.rules) * 1:19398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BAT.Shutdown.ef variant outbound connection (snort3-malware-cnc.rules) * 1:19399 <-> DISABLED <-> MALWARE-CNC Email Worm Win32.Zhelatin.ch variant outbound connection (snort3-malware-cnc.rules) * 1:19400 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sddrop.D variant outbound connection (snort3-malware-cnc.rules) * 1:19401 <-> DISABLED <-> MALWARE-CNC 
Win.Worm.Sddrop.D variant outbound connection (snort3-malware-cnc.rules) * 1:19402 <-> DISABLED <-> MALWARE-CNC P2P Worm.Win32.Malas.r variant outbound connection (snort3-malware-cnc.rules) * 1:19404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ozdok variant outbound connection (snort3-malware-cnc.rules) * 1:19426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Crypter.i variant outbound connection (snort3-malware-cnc.rules) * 1:19427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.amjz variant outbound connection (snort3-malware-cnc.rules) * 1:19428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Adload.BG variant outbound connection (snort3-malware-cnc.rules) * 1:19429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (snort3-malware-cnc.rules) * 1:19433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fujacks.aw variant outbound connection (snort3-malware-cnc.rules) * 1:19434 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrCode (snort3-malware-cnc.rules) * 1:19435 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (snort3-malware-cnc.rules) * 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (snort3-pua-adware.rules) * 1:19454 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWS.Win32.QQPass.IK variant outbound connection (snort3-malware-cnc.rules) * 1:19456 <-> DISABLED <-> MALWARE-CNC Packed.Win32.Klone.bj variant outbound connection (snort3-malware-cnc.rules) * 1:19457 <-> DISABLED <-> MALWARE-CNC Trojan-Clicker.Win32.Vesloruki.ajb variant outbound connection (snort3-malware-cnc.rules) * 1:19458 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (snort3-file-office.rules) * 1:19459 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (snort3-file-office.rules) * 1:19476 <-> DISABLED <-> MALWARE-CNC Exploit.Win32.SqlShell.r variant outbound 
connection (snort3-malware-cnc.rules) * 1:19477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap.af variant outbound connection (snort3-malware-cnc.rules) * 1:19478 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Taterf.B variant outbound connection (snort3-malware-cnc.rules) * 1:19479 <-> DISABLED <-> MALWARE-CNC Net-Worm.Win32.Piloyd.m variant outbound connection - request html (snort3-malware-cnc.rules) * 1:19480 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (snort3-malware-cnc.rules) * 1:19481 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Agent.bx variant outbound connection (snort3-malware-cnc.rules) * 1:19482 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (snort3-malware-cnc.rules) * 1:19483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reload.fy variant outbound connection (snort3-malware-cnc.rules) * 1:19485 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RAV1 (snort3-malware-cnc.rules) * 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (snort3-pua-adware.rules) * 1:19487 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.kih variant outbound connection (snort3-malware-cnc.rules) * 1:19488 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Failnum.A variant outbound connection (snort3-malware-cnc.rules) * 1:19489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DeAlfa.fa variant outbound connection (snort3-malware-cnc.rules) * 1:19490 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (snort3-malware-cnc.rules) * 1:19491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Genome.vau variant outbound connection (snort3-malware-cnc.rules) * 1:19492 <-> DISABLED <-> MALWARE-CNC Windows System Defender variant outbound connection (snort3-malware-cnc.rules) * 1:19493 <-> ENABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (snort3-malware-cnc.rules) * 1:19494 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Licum variant outbound connection (snort3-malware-cnc.rules) * 1:19495 <-> DISABLED <-> MALWARE-CNC Win.Worm.Pilleuz variant outbound connection (snort3-malware-cnc.rules) * 1:19554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav Antivirus Xp Pro variant outbound connection (snort3-malware-cnc.rules) * 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (snort3-malware-cnc.rules) * 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (snort3-malware-cnc.rules) * 1:19557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shark.ag variant outbound connection (snort3-malware-cnc.rules) * 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (snort3-pua-adware.rules) * 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (snort3-pua-adware.rules) * 1:19568 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.PerfectKeylogger variant outbound connection (snort3-malware-cnc.rules) * 1:19569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perkesh variant outbound connection (snort3-malware-cnc.rules) * 1:19570 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ie 11.0 sp6 (snort3-malware-cnc.rules) * 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (snort3-pua-adware.rules) * 1:19572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FFSearch variant outbound connection (snort3-malware-cnc.rules) * 1:19573 <-> DISABLED <-> MALWARE-CNC Win.Worm.Chiviper.C variant outbound connection (snort3-malware-cnc.rules) * 1:19574 <-> DISABLED <-> MALWARE-CNC Win.Worm.Chiviper.C variant outbound connection (snort3-malware-cnc.rules) * 1:19575 <-> DISABLED <-> MALWARE-CNC Win.Worm.Emold.U variant outbound connection (snort3-malware-cnc.rules) * 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (snort3-pua-adware.rules) * 1:19577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Dogrobot.E variant outbound 
connection (snort3-malware-cnc.rules) * 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (snort3-pua-adware.rules) * 1:19579 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (snort3-malware-cnc.rules) * 1:19580 <-> DISABLED <-> MALWARE-CNC Win.Worm.Basun.wsc inbound connection (snort3-malware-cnc.rules) * 1:19581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Apher.gpd variant outbound connection (snort3-malware-cnc.rules) * 1:19582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Apher.gpd variant outbound connection (snort3-malware-cnc.rules) * 1:19583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bumat.rts variant outbound connection (snort3-malware-cnc.rules) * 1:19584 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dref.C variant outbound connection (snort3-malware-cnc.rules) * 1:19585 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dref.C variant outbound connection - notification (snort3-malware-cnc.rules) * 1:19586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Agent.dlg variant outbound connection (snort3-malware-cnc.rules) * 1:19587 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sereki.B variant outbound connection (snort3-malware-cnc.rules) * 1:19588 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sereki.B successful connection (snort3-malware-cnc.rules) * 1:19589 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (snort3-malware-cnc.rules) * 1:19590 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (snort3-malware-cnc.rules) * 1:19591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Powp.pyv variant outbound connection (snort3-malware-cnc.rules) * 1:19592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:19593 <-> DISABLED <-> MALWARE-CNC Win.Worm.Agent.btxm variant outbound connection IRC (snort3-malware-cnc.rules) * 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection 
(snort3-pua-adware.rules) * 1:19595 <-> DISABLED <-> MALWARE-OTHER known malicious email string - You have received a Hallmark E-Card (snort3-malware-other.rules) * 1:19596 <-> DISABLED <-> MALWARE-CNC Poison Ivy variant outbound connection (snort3-malware-cnc.rules) * 1:19597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cws variant outbound connection (snort3-malware-cnc.rules) * 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (snort3-pua-adware.rules) * 1:19608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wisscmd.A variant outbound connection (snort3-malware-cnc.rules) * 1:19611 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string INet - Win32.Virus.Jusabli.A (snort3-malware-cnc.rules) * 1:19612 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.bvk variant outbound connection (snort3-malware-cnc.rules) * 1:19613 <-> DISABLED <-> MALWARE-CNC Rogue Software Registry Cleaner Pro variant outbound connection (snort3-malware-cnc.rules) * 1:19614 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBot.kkr variant outbound connection (snort3-malware-cnc.rules) * 1:19615 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.kkr variant outbound connection (snort3-malware-cnc.rules) * 1:19616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Win32.Banbra.mcq variant outbound connection (snort3-malware-cnc.rules) * 1:19622 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (snort3-malware-cnc.rules) * 1:19623 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (snort3-malware-cnc.rules) * 1:19625 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (snort3-malware-cnc.rules) * 1:19626 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (snort3-malware-cnc.rules) * 1:19627 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (snort3-malware-cnc.rules) * 1:19628 <-> ENABLED <-> 
MALWARE-CNC URI request for known malicious URI - /1cup/script.php (snort3-malware-cnc.rules) * 1:19631 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (snort3-malware-cnc.rules) * 1:19632 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (snort3-malware-cnc.rules) * 1:19633 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (snort3-malware-cnc.rules) * 1:19635 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (snort3-malware-cnc.rules) * 1:19636 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (snort3-malware-cnc.rules) * 1:19637 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (snort3-malware-cnc.rules) * 1:19638 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (snort3-malware-cnc.rules) * 1:19652 <-> DISABLED <-> MALWARE-CNC Teevsock C variant outbound connection (snort3-malware-cnc.rules) * 1:19654 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.wti variant outbound connection (snort3-malware-cnc.rules) * 1:19655 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Agent.IK variant outbound connection (snort3-malware-cnc.rules) * 1:19656 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Peace.lh variant outbound connection (snort3-malware-cnc.rules) * 1:19657 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (snort3-malware-cnc.rules) * 1:19658 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (snort3-malware-cnc.rules) * 1:19659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soleseq.A variant outbound connection (snort3-malware-cnc.rules) * 1:19660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riern.K variant outbound connection (snort3-malware-cnc.rules) * 1:19695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.nec variant outbound connection (snort3-malware-cnc.rules) * 1:19696 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.SdBot.nng inbound connection (snort3-malware-cnc.rules) * 1:19697 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Win32.VB.btm variant outbound connection (snort3-malware-cnc.rules) * 1:19698 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prosti.AG variant outbound connection (snort3-malware-cnc.rules) * 1:19699 <-> DISABLED <-> MALWARE-CNC TrojanDownloader.Win32.Korklic.A variant outbound connection (snort3-malware-cnc.rules) * 1:19700 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.tnr variant outbound connection (snort3-malware-cnc.rules) * 1:19701 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hassar.A variant outbound connection (snort3-malware-cnc.rules) * 1:19702 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (snort3-malware-cnc.rules) * 1:19703 <-> ENABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (snort3-malware-cnc.rules) * 1:19704 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (snort3-malware-cnc.rules) * 1:19705 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (snort3-malware-cnc.rules) * 1:19706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (snort3-malware-cnc.rules) * 1:19711 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (snort3-malware-cnc.rules) * 1:19712 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules) * 1:19715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.URLZone variant outbound connection (snort3-malware-cnc.rules) * 1:19716 <-> DISABLED <-> MALWARE-CNC TrojanSpy.Win32.Banker.OO variant outbound connection (snort3-malware-cnc.rules) * 1:19717 <-> DISABLED <-> PUA-ADWARE Virus.Win32.Virut.ce outbound connection (snort3-pua-adware.rules) * 1:19718 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.bkap variant outbound connection (snort3-malware-cnc.rules) * 1:19719 <-> DISABLED <-> MALWARE-CNC 
Email-Worm.Win32.Bagle.of variant outbound connection (snort3-malware-cnc.rules) * 1:19720 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Onestage.ws variant outbound connection (snort3-malware-cnc.rules) * 1:19721 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.mlh variant outbound connection (snort3-malware-cnc.rules) * 1:19722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (snort3-malware-cnc.rules) * 1:19723 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (snort3-malware-cnc.rules) * 1:19724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules) * 1:19725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (snort3-malware-cnc.rules) * 1:19726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (snort3-malware-cnc.rules) * 1:19727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.DI variant outbound connection (snort3-malware-cnc.rules) * 1:19728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yayih variant outbound connection (snort3-malware-cnc.rules) * 1:19729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yayih variant outbound connection (snort3-malware-cnc.rules) * 1:19730 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (snort3-malware-cnc.rules) * 1:19731 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (snort3-malware-cnc.rules) * 1:19732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (snort3-malware-cnc.rules) * 1:19733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.BRU variant outbound connection (snort3-malware-cnc.rules) * 1:19739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Apptom variant outbound connection (snort3-malware-cnc.rules) * 1:19740 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.aczu variant outbound connection (snort3-malware-cnc.rules) * 1:19741 <-> DISABLED <-> MALWARE-OTHER PWS.Win32.Scofted keylogger runtime detection 
(snort3-malware-other.rules) * 1:19742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.atff variant outbound connection (snort3-malware-cnc.rules) * 1:19743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.eqlo variant outbound connection (snort3-malware-cnc.rules) * 1:19744 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Deecee.a variant outbound connection (snort3-malware-cnc.rules) * 1:19745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudLoad.dyl variant outbound connection (snort3-malware-cnc.rules) * 1:19746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.biiw variant outbound connection (snort3-malware-cnc.rules) * 1:19747 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.GGDoor.22 variant outbound connection (snort3-malware-backdoor.rules) * 1:19748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.ULPM.Gen IRC variant outbound connection (snort3-malware-cnc.rules) * 1:19749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.chgp variant outbound connection (snort3-malware-cnc.rules) * 1:19750 <-> DISABLED <-> MALWARE-CNC PWS.Win32.Zbot.PJ variant outbound connection (snort3-malware-cnc.rules) * 1:19751 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Sohanad.bm variant outbound connection (snort3-malware-cnc.rules) * 1:19752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules) * 1:19753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TrojanSpy.Win32.Zbot.gen.C variant outbound connection (snort3-malware-cnc.rules) * 1:19754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Delf.RGL variant outbound connection (snort3-malware-cnc.rules) * 1:19755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alphabet variant outbound connection (snort3-malware-cnc.rules) * 1:19756 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (snort3-malware-cnc.rules) * 1:19757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.bqlu variant outbound connection (snort3-malware-cnc.rules) * 1:19758 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Small.yw variant outbound connection (snort3-malware-cnc.rules) * 1:19759 <-> DISABLED <-> MALWARE-CNC Trojan-PSW.Win32.FireThief.h variant outbound connection (snort3-malware-cnc.rules) * 1:19760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arsinfoder variant outbound connection (snort3-malware-cnc.rules) * 1:19761 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (snort3-malware-cnc.rules) * 1:19762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (snort3-malware-cnc.rules) * 1:19763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (snort3-malware-cnc.rules) * 1:19764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (snort3-malware-cnc.rules) * 1:19765 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules) * 1:19766 <-> DISABLED <-> MALWARE-CNC Win.Worm.Autorun variant outbound connection (snort3-malware-cnc.rules) * 1:19767 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (snort3-malware-cnc.rules) * 1:19769 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (snort3-malware-cnc.rules) * 1:19770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (snort3-malware-cnc.rules) * 1:19771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (snort3-malware-cnc.rules) * 1:19772 <-> ENABLED <-> MALWARE-CNC Virus.Win32.Parite.B variant outbound connection (snort3-malware-cnc.rules) * 1:19773 <-> DISABLED <-> MALWARE-CNC Virus.Win32.Parite.B variant outbound connection (snort3-malware-cnc.rules) * 1:19774 <-> DISABLED <-> MALWARE-CNC Gen-Trojan.Heur variant outbound connection (snort3-malware-cnc.rules) * 1:19775 <-> DISABLED <-> PUA-ADWARE PWS.Win32.Ldpinch.gen outbound connection (snort3-pua-adware.rules) * 1:19776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent2.guy dropper variant outbound connection 
(snort3-malware-cnc.rules) * 1:19777 <-> DISABLED <-> PUA-ADWARE Fast Antivirus 2009 outbound connection (snort3-pua-adware.rules) * 1:19781 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Agent.aqpn variant outbound connection (snort3-malware-cnc.rules) * 1:19782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AVKill.bc variant outbound connection (snort3-malware-cnc.rules) * 1:19783 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.agcw variant outbound connection (snort3-malware-cnc.rules) * 1:19784 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.sde variant outbound connection (snort3-malware-cnc.rules) * 1:19785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Malushka.T variant outbound connection (snort3-malware-cnc.rules) * 1:19786 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla (snort3-malware-cnc.rules) * 1:19787 <-> DISABLED <-> MALWARE-CNC Exploit-PDF.t variant outbound connection (snort3-malware-cnc.rules) * 1:19788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.pnc variant outbound connection (snort3-malware-cnc.rules) * 1:19789 <-> ENABLED <-> MALWARE-CNC P2P Worm Win.Trojan.SpyBot.pgh variant outbound connection (snort3-malware-cnc.rules) * 1:19790 <-> DISABLED <-> MALWARE-CNC P2P Worm Win.Trojan.SpyBot.pgh variant outbound connection (snort3-malware-cnc.rules) * 1:19791 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Small.awa variant outbound connection (snort3-malware-cnc.rules) * 1:19792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Caxnet.A variant outbound connection (snort3-malware-cnc.rules) * 1:19793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.SillyFDC-DS variant outbound connection (snort3-malware-cnc.rules) * 1:19794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fnumbot variant outbound connection (snort3-malware-cnc.rules) * 1:19795 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV NoAdware variant outbound connection (snort3-malware-cnc.rules) * 1:19796 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.DL.CashnJoy.A variant outbound connection (snort3-malware-cnc.rules) * 1:19797 <-> DISABLED <-> MALWARE-CNC Safety Center variant outbound connection (snort3-malware-cnc.rules) * 1:19798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent2.kxu variant outbound connection (snort3-malware-cnc.rules) * 1:19799 <-> DISABLED <-> MALWARE-CNC PWS.Win32.Zbot.gen.Q variant outbound connection (snort3-malware-cnc.rules) * 1:19800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pher.ij variant outbound connection (snort3-malware-cnc.rules) * 1:19801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (snort3-malware-cnc.rules) * 1:19802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wixud.B variant outbound connection (snort3-malware-cnc.rules) * 1:19803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos.FH variant outbound connection (snort3-malware-cnc.rules) * 1:19804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.ktq variant outbound connection (snort3-malware-cnc.rules) * 1:19805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smser.cx variant outbound connection (snort3-malware-cnc.rules) * 1:19819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ertfor.A variant outbound connection (snort3-malware-cnc.rules) * 1:19820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ertfor.A variant outbound connection (snort3-malware-cnc.rules) * 1:19821 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Bagle.gen.C variant outbound connection (snort3-malware-cnc.rules) * 1:19822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.HH variant outbound connection (snort3-malware-cnc.rules) * 1:19823 <-> DISABLED <-> PUA-ADWARE Downloader.Banload.AKBB outbound connection (snort3-pua-adware.rules) * 1:19824 <-> DISABLED <-> MALWARE-CNC Gen-Trojan.Heur variant outbound connection (snort3-malware-cnc.rules) * 1:19825 <-> DISABLED <-> SERVER-APACHE Apache Killer denial of service tool exploit attempt (snort3-server-apache.rules) * 1:19827 <-> DISABLED <-> PUA-ADWARE PWS-QQGame outbound connection 
(snort3-pua-adware.rules) * 1:19828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyAgent.B variant outbound connection (snort3-malware-cnc.rules) * 1:19829 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbot.gen variant outbound connection (snort3-malware-cnc.rules) * 1:19830 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poebot.BP variant outbound connection (snort3-malware-cnc.rules) * 1:19831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.SO variant outbound connection (snort3-malware-cnc.rules) * 1:19832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veslorn.gen.A variant outbound connection (snort3-malware-cnc.rules) * 1:19833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.bda variant outbound connection (snort3-malware-cnc.rules) * 1:19834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZBot.RD variant outbound connection (snort3-malware-cnc.rules) * 1:19835 <-> DISABLED <-> PUA-ADWARE Delphi-Piette Windows (snort3-pua-adware.rules) * 1:19836 <-> DISABLED <-> MALWARE-CNC Spy-Net 0.7 runtime (snort3-malware-cnc.rules) * 1:19837 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (snort3-pua-adware.rules) * 1:19838 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (snort3-pua-adware.rules) * 1:19839 <-> DISABLED <-> PUA-ADWARE Antivirus XP 2008 runtime detection (snort3-pua-adware.rules) * 1:19840 <-> DISABLED <-> PUA-ADWARE XP Antispyware 2009 outbound connection (snort3-pua-adware.rules) * 1:19841 <-> DISABLED <-> PUA-ADWARE 0desa MSN password stealer (snort3-pua-adware.rules) * 1:19842 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (snort3-pua-adware.rules) * 1:19843 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (snort3-pua-adware.rules) * 1:19848 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (snort3-pua-adware.rules) * 1:19849 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (snort3-pua-adware.rules) * 1:19850 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.qgg variant outbound connection (snort3-malware-cnc.rules) * 
1:19851 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.qgg variant outbound connection (snort3-malware-cnc.rules) * 1:19852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Delf.tbv variant outbound connection (snort3-malware-cnc.rules) * 1:19853 <-> DISABLED <-> PUA-ADWARE Wowpa KI outbound connection (snort3-pua-adware.rules) * 1:19856 <-> DISABLED <-> MALWARE-CNC Packed.Win32.Krap.i variant outbound connection (snort3-malware-cnc.rules) * 1:19857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.hhbd variant outbound connection - Windows (snort3-malware-cnc.rules) * 1:19858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.hhbd variant outbound connection - non-Windows (snort3-malware-cnc.rules) * 1:19859 <-> DISABLED <-> PUA-ADWARE XP Deluxe Protector outbound connection (snort3-pua-adware.rules) * 1:19860 <-> DISABLED <-> PUA-ADWARE Trust Warrior outbound connection (snort3-pua-adware.rules) * 1:19861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cqcv variant outbound connection (snort3-malware-cnc.rules) * 1:19862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar.iej variant outbound connection (snort3-malware-cnc.rules) * 1:19863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.yi variant outbound connection (snort3-malware-cnc.rules) * 1:19864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (snort3-malware-cnc.rules) * 1:19865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arhost.D variant outbound connection (snort3-malware-cnc.rules) * 1:19895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.jwh variant outbound connection (snort3-malware-cnc.rules) * 1:19896 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Install Detection (snort3-pua-adware.rules) * 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (snort3-pua-toolbars.rules) * 1:19898 <-> DISABLED <-> MALWARE-CNC Cinmus Variant variant outbound connection (snort3-malware-cnc.rules) * 1:19899 <-> ENABLED 
<-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (snort3-malware-other.rules) * 1:19900 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (snort3-malware-other.rules) * 1:19901 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (snort3-malware-other.rules) * 1:19902 <-> DISABLED <-> PUA-ADWARE Targetedbanner.biz Adrotator outbound connection (snort3-pua-adware.rules) * 1:19903 <-> DISABLED <-> PUA-ADWARE Win32.Agent.vvm outbound connection (snort3-pua-adware.rules) * 1:19904 <-> DISABLED <-> PUA-ADWARE WinReanimator outbound connection (snort3-pua-adware.rules) * 1:19905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.jog variant outbound connection (snort3-malware-cnc.rules) * 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (snort3-pua-toolbars.rules) * 1:19912 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (snort3-malware-cnc.rules) * 1:19913 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (snort3-malware-cnc.rules) * 1:19914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quivoe.A variant outbound connection (snort3-malware-cnc.rules) * 1:19915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler.apd variant outbound connection (snort3-malware-cnc.rules) * 1:19916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.ACB variant outbound connection (snort3-malware-cnc.rules) * 1:19917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sogu.A variant outbound connection (snort3-malware-cnc.rules) * 1:19918 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ganelp.B variant outbound connection (snort3-malware-cnc.rules) * 1:19919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murcy.A variant outbound connection (snort3-malware-cnc.rules) * 1:19920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reppserv.A outbond connection (snort3-malware-cnc.rules) * 1:19921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puprlehzae.A variant outbound connection (snort3-malware-cnc.rules) * 1:19922 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Shiz.ivr variant outbound connection (snort3-malware-cnc.rules) * 1:19923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Venik.B variant outbound connection (snort3-malware-cnc.rules) * 1:19924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spidern.A variant outbound connection (snort3-malware-cnc.rules) * 1:19927 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (snort3-malware-backdoor.rules) * 1:19928 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (snort3-malware-backdoor.rules) * 1:19929 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (snort3-malware-backdoor.rules) * 1:19930 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (snort3-malware-backdoor.rules) * 1:19931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lineage.Gen.Pac.3 variant outbound connection (snort3-malware-cnc.rules) * 1:19934 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MYURL (snort3-malware-cnc.rules) * 1:19935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Delf.aba variant outbound connection (snort3-malware-cnc.rules) * 1:19936 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Delf.aba variant outbound connection (snort3-malware-cnc.rules) * 1:19939 <-> DISABLED <-> PUA-ADWARE WeatherStudio outbound connection (snort3-pua-adware.rules) * 1:19940 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.IRC.TKB variant outbound connection - dir4you (snort3-malware-cnc.rules) * 1:19941 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Gen variant outbound connection (snort3-malware-cnc.rules) * 1:19942 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Gen variant outbound connection (snort3-malware-cnc.rules) * 1:19944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.ykl variant outbound connection (snort3-malware-cnc.rules) * 1:19945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.amwd variant outbound connection 
(snort3-malware-cnc.rules) * 1:19946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.amwd variant outbound connection (snort3-malware-cnc.rules) * 1:19947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.amwd variant outbound connection (snort3-malware-cnc.rules) * 1:19948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.asjk variant outbound connection (snort3-malware-cnc.rules) * 1:19949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.asjk variant outbound connection (snort3-malware-cnc.rules) * 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (snort3-malware-cnc.rules) * 1:19951 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Defsel variant outbound connection (snort3-malware-cnc.rules) * 1:19952 <-> ENABLED <-> MALWARE-CNC Biodox inbound connection (snort3-malware-cnc.rules) * 1:19953 <-> DISABLED <-> MALWARE-CNC Biodox variant outbound connection (snort3-malware-cnc.rules) * 1:19954 <-> DISABLED <-> MALWARE-CNC Hack Style RAT variant outbound connection (snort3-malware-cnc.rules) * 1:19955 <-> DISABLED <-> MALWARE-CNC PaiN RAT 0.1 variant outbound connection (snort3-malware-cnc.rules) * 1:19957 <-> DISABLED <-> MALWARE-CNC Arabian-Attacker 1.1.0 variant outbound connection (snort3-malware-cnc.rules) * 1:19958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (snort3-malware-cnc.rules) * 1:19959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (snort3-malware-cnc.rules) * 1:19960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (snort3-malware-cnc.rules) * 1:19961 <-> DISABLED <-> MALWARE-CNC Fouad 1.0 variant outbound connection (snort3-malware-cnc.rules) * 1:19962 <-> DISABLED <-> MALWARE-CNC Email-Worm.CryptBox-A variant outbound connection (snort3-malware-cnc.rules) * 1:19963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.aajs variant outbound connection (snort3-malware-cnc.rules) * 1:19965 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Downloader.Win32.Agent.avzz variant outbound connection (snort3-malware-cnc.rules) * 1:19966 <-> DISABLED <-> MALWARE-CNC Octopus 0.1 inbound connection (snort3-malware-cnc.rules) * 1:19967 <-> DISABLED <-> MALWARE-CNC Trojan-PSW.Win32.Papras.dm variant outbound connection (snort3-malware-cnc.rules) * 1:19968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PSW.QQPass.amx variant outbound connection (snort3-malware-cnc.rules) * 1:19969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.CY variant outbound connection (snort3-malware-cnc.rules) * 1:19970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smalltroj.MHYR variant outbound connection (snort3-malware-cnc.rules) * 1:19971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop.lj variant outbound connection (snort3-malware-cnc.rules) * 1:19973 <-> DISABLED <-> MALWARE-CNC Worm.Win.Trojan.Nebuler.D variant outbound connection (snort3-malware-cnc.rules) * 1:19974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.bwj variant outbound connection (snort3-malware-cnc.rules) * 1:19975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.vb variant outbound connection (snort3-malware-cnc.rules) * 1:19977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LooksLike.Zaplot variant outbound connection (snort3-malware-cnc.rules) * 1:19979 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (snort3-malware-cnc.rules) * 1:19980 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (snort3-malware-cnc.rules) * 1:19981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micstus.A runtime traffic detected (snort3-malware-cnc.rules) * 1:19982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.wwe variant outbound connection (snort3-malware-cnc.rules) * 1:19983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolabc.fic variant outbound connection (snort3-malware-cnc.rules) * 1:19984 <-> DISABLED <-> PUA-ADWARE Antivirus 2010 outbound connection (snort3-pua-adware.rules) * 1:19987 <-> DISABLED <-> PUA-ADWARE PCLiveGuard outbound connection (snort3-pua-adware.rules) * 1:19988 <-> 
DISABLED <-> MALWARE-CNC Asprox variant outbound connection (snort3-malware-cnc.rules) * 1:19989 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (snort3-pua-adware.rules) * 1:19990 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (snort3-pua-adware.rules) * 1:19991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PG runtime traffic detected (snort3-malware-cnc.rules) * 1:19992 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Farfli.A runtime traffic detected (snort3-malware-cnc.rules) * 1:19993 <-> DISABLED <-> MALWARE-CNC Win32 Poebot runtime traffic detected (snort3-malware-cnc.rules) * 1:19994 <-> DISABLED <-> PUA-ADWARE Antivirus 360 outbound connection (snort3-pua-adware.rules) * 1:19995 <-> ENABLED <-> MALWARE-CNC Waledac variant outbound connection (snort3-malware-cnc.rules) * 1:19996 <-> DISABLED <-> MALWARE-CNC Worm Brontok.C variant outbound connection (snort3-malware-cnc.rules) * 1:19997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PSW.Win32.QQPass.gam variant outbound connection (snort3-malware-cnc.rules) * 1:19998 <-> ENABLED <-> PUA-ADWARE IP address disclosure to advertisement sites attempt (snort3-pua-adware.rules) * 1:19999 <-> DISABLED <-> PUA-ADWARE ThreatNuker outbound connection (snort3-pua-adware.rules) * 1:20001 <-> ENABLED <-> MALWARE-CNC Allaple.e variant outbound connection (snort3-malware-cnc.rules) * 1:20002 <-> DISABLED <-> MALWARE-CNC Allaple.e variant outbound connection (snort3-malware-cnc.rules) * 1:20003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy Pilonoc runtime traffic detected (snort3-malware-cnc.rules) * 1:20004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy Pilonoc install-time traffic detected (snort3-malware-cnc.rules) * 1:20005 <-> DISABLED <-> MALWARE-CNC Win32 Lecna.cr runtime traffic detected (snort3-malware-cnc.rules) * 1:20006 <-> DISABLED <-> MALWARE-CNC Worm Plurp.A runtime traffic detected (snort3-malware-cnc.rules) * 1:20007 <-> DISABLED <-> PUA-ADWARE Cinmus.asaq outbound connection 
(snort3-pua-adware.rules) * 1:20008 <-> DISABLED <-> MALWARE-CNC Malware PDFMarca.A runtime traffic detected (snort3-malware-cnc.rules) * 1:20009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (snort3-malware-cnc.rules) * 1:20010 <-> DISABLED <-> MALWARE-CNC Win32/Babmote.A runtime TCP traffic detected (snort3-malware-cnc.rules) * 1:20011 <-> ENABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (snort3-malware-cnc.rules) * 1:20012 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (snort3-malware-cnc.rules) * 1:20014 <-> DISABLED <-> MALWARE-CNC Kaju variant outbound connection - confirmation (snort3-malware-cnc.rules) * 1:20015 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules) * 1:20016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules) * 1:20017 <-> DISABLED <-> MALWARE-CNC Win.Worm.Koobface.dq variant outbound connection (snort3-malware-cnc.rules) * 1:20018 <-> DISABLED <-> MALWARE-CNC Win.Worm.Autorun variant outbound connection (snort3-malware-cnc.rules) * 1:20019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test (snort3-malware-cnc.rules) * 1:20021 <-> ENABLED <-> MALWARE-CNC Win.Worm.Brontok user-agent outbound connection (snort3-malware-cnc.rules) * 1:20022 <-> DISABLED <-> MALWARE-CNC Win.Worm.Padobot.z variant outbound connection (snort3-malware-cnc.rules) * 1:20023 <-> DISABLED <-> MALWARE-CNC Advanced Virus Remover variant outbound connection (snort3-malware-cnc.rules) * 1:20024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dreamy.bc variant outbound connection (snort3-malware-cnc.rules) * 1:20025 <-> DISABLED <-> PUA-ADWARE VirusBye outbound connection (snort3-pua-adware.rules) * 1:20026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banker.abg.b variant outbound connection (snort3-malware-cnc.rules) * 1:20028 <-> 
DISABLED <-> MALWARE-CNC Windows Antivirus Pro variant outbound connection (snort3-malware-cnc.rules) * 1:20034 <-> DISABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (snort3-file-other.rules) * 1:20035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Coinbit.A runtime traffic detected (snort3-malware-cnc.rules) * 1:20036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Agent.ndau runtime traffic detected (snort3-malware-cnc.rules) * 1:20037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (snort3-malware-cnc.rules) * 1:20038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (snort3-malware-cnc.rules) * 1:20039 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Hardcore Software (snort3-malware-cnc.rules) * 1:20040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KSpyPro.A variant outbound connection (snort3-malware-cnc.rules) * 1:20041 <-> DISABLED <-> PUA-ADWARE Adware.BB outbound connection (snort3-pua-adware.rules) * 1:20042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal outbond connection (snort3-malware-cnc.rules) * 1:20043 <-> DISABLED <-> MALWARE-CNC Adware Kraddare.AZ variant outbound connection (snort3-malware-cnc.rules) * 1:20057 <-> DISABLED <-> MALWARE-CNC BitCoin Miner IP query (snort3-malware-cnc.rules) * 1:20063 <-> DISABLED <-> PUA-ADWARE SecurityTool outbound connection (snort3-pua-adware.rules) * 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (snort3-malware-cnc.rules) * 1:20066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 SensLiceld.A runtime traffic detected (snort3-malware-cnc.rules) * 1:20067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Zatvex.A runtime traffic detected (snort3-malware-cnc.rules) * 1:20068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jetilms.A runtime activity detected (snort3-malware-cnc.rules) * 1:20069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.alhq runtime traffic detected (snort3-malware-cnc.rules) * 
1:20074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.iseee variant outbound connection (snort3-malware-cnc.rules) * 1:20075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill.abl variant outbound connection (snort3-malware-cnc.rules) * 1:20076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.ast variant outbound connection (snort3-malware-cnc.rules) * 1:20077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.ast variant outbound connection (snort3-malware-cnc.rules) * 1:20078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Russkill.C variant outbound connection (snort3-malware-cnc.rules) * 1:20079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Russkill.C variant outbound connection (snort3-malware-cnc.rules) * 1:20080 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (snort3-malware-cnc.rules) * 1:20081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (snort3-malware-cnc.rules) * 1:20082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inject.raw variant outbound connection (snort3-malware-cnc.rules) * 1:20083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucobha.A variant outbound connection (snort3-malware-cnc.rules) * 1:20085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veebuu.BX variant outbound connection (snort3-malware-cnc.rules) * 1:20086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.ABY variant outbound connection (snort3-malware-cnc.rules) * 1:20087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.FGU variant outbound connection (snort3-malware-cnc.rules) * 1:20088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emudbot.A variant outbound connection (snort3-malware-cnc.rules) * 1:20096 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.dcir variant outbound connection (snort3-malware-cnc.rules) * 1:20097 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcir infected host at destination ip (snort3-malware-cnc.rules) * 1:20098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KeyLogger.wav variant outbound connection (snort3-malware-cnc.rules) * 1:20099 
<-> ENABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (snort3-malware-cnc.rules) * 1:20104 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (snort3-malware-cnc.rules) * 1:20105 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (snort3-malware-cnc.rules) * 1:20106 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (snort3-malware-cnc.rules) * 1:20107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Small.Cns variant outbound connection (snort3-malware-cnc.rules) * 1:20108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Pher variant outbound connection (snort3-malware-cnc.rules) * 1:20109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zombie.sm variant outbound connection (snort3-malware-cnc.rules) * 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (snort3-file-office.rules) * 1:20128 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (snort3-file-office.rules) * 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (snort3-server-webapp.rules) * 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (snort3-server-webapp.rules) * 1:20202 <-> ENABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (snort3-malware-cnc.rules) * 1:20204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (snort3-malware-cnc.rules) * 1:20205 <-> DISABLED <-> MALWARE-CNC Win32/Poison beaconing request (snort3-malware-cnc.rules) * 1:20213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (snort3-malware-cnc.rules) * 1:20217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramagedos.A variant outbound connection (snort3-malware-cnc.rules) * 1:20218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramagedos.A variant outbound 
connection (snort3-malware-cnc.rules) * 1:20219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ToriaSpy.A variant outbound connection (snort3-malware-cnc.rules) * 1:20220 <-> DISABLED <-> PUA-ADWARE Adware.Wizpop outbound connection (snort3-pua-adware.rules) * 1:20221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (snort3-malware-cnc.rules) * 1:20222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Payazol.B variant outbound connection (snort3-malware-cnc.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (snort3-file-identify.rules) * 1:20224 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (snort3-file-multimedia.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (snort3-file-other.rules) * 1:20226 <-> DISABLED <-> FILE-OTHER MPlayer SMI file buffer overflow attempt (snort3-file-other.rules) * 1:20228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (snort3-malware-cnc.rules) * 1:20229 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (snort3-malware-cnc.rules) * 1:20230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (snort3-malware-cnc.rules) * 1:20231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (snort3-malware-cnc.rules) * 1:20232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (snort3-malware-cnc.rules) * 1:20233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (snort3-malware-cnc.rules) * 1:20234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ceckno.cmz runtime traffic detected (snort3-malware-cnc.rules) * 1:20235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AdobeReader.Uz runtime traffic detected (snort3-malware-cnc.rules) * 1:20252 <-> DISABLED <-> MALWARE-CNC DroidKungFu check-in (snort3-malware-cnc.rules) * 1:20280 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules) 
* 1:20281 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules) * 1:20289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doschald.A variant outbound connection (snort3-malware-cnc.rules) * 1:20290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doschald.A inbound connection (snort3-malware-cnc.rules) * 1:20291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mybios.A variant outbound connection (snort3-malware-cnc.rules) * 1:20292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FresctSpy.A variant outbound connection (snort3-malware-cnc.rules) * 1:20293 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (snort3-malware-cnc.rules) * 1:20387 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (snort3-protocol-voip.rules) * 1:20388 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (snort3-protocol-voip.rules) * 1:20428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zewit.A variant outbound connection (snort3-malware-cnc.rules) * 1:20429 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (snort3-file-pdf.rules) * 1:20431 <-> DISABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (snort3-file-other.rules) * 1:20433 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 anutayadokalug host outbound connection (snort3-pua-adware.rules) * 1:20434 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 proantivirus21 host runtime traffic detection (snort3-pua-adware.rules) * 1:20435 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Svr runtime traffic detected (snort3-malware-cnc.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (snort3-file-java.rules) * 1:20447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.JAAK variant outbound connection (snort3-malware-cnc.rules) * 1:20448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meciv.A variant outbound connection (snort3-malware-cnc.rules) * 
1:20449 <-> DISABLED <-> MALWARE-CNC Win.Worm.Busifom.A variant outbound connection (snort3-malware-cnc.rules) * 1:20525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duqu variant outbound connection (snort3-malware-cnc.rules) * 1:20527 <-> ENABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (snort3-malware-cnc.rules) * 1:20528 <-> DISABLED <-> SERVER-APACHE Apache mod_proxy reverse proxy information disclosure attempt (snort3-server-apache.rules) * 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (snort3-exploit-kit.rules) * 1:20559 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI file buffer overflow attempt (snort3-file-multimedia.rules) * 1:20561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWSBanker.SHE variant outbound connection (snort3-malware-cnc.rules) * 1:20562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWSBanker.SHE variant outbound connection (snort3-malware-cnc.rules) * 1:20565 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (snort3-file-other.rules) * 1:20566 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (snort3-file-other.rules) * 1:20569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (snort3-malware-cnc.rules) * 1:20570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (snort3-malware-cnc.rules) * 1:20571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (snort3-malware-cnc.rules) * 1:20587 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larchik.A variant outbound connection (snort3-malware-cnc.rules) * 1:20595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ixeshe.F variant outbound connection (snort3-malware-cnc.rules) * 1:20596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (snort3-malware-cnc.rules) * 1:20597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (snort3-malware-cnc.rules) * 1:20598 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (snort3-malware-cnc.rules) * 1:20599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (snort3-malware-cnc.rules) * 1:20604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus.isqy variant outbound connection (snort3-malware-cnc.rules) * 1:20605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.R2d2.A contact to cnc server (snort3-malware-cnc.rules) * 1:20606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Domsingx.A variant outbound connection (snort3-malware-cnc.rules) * 1:20619 <-> DISABLED <-> SERVER-WEBAPP CoreHTTP Long buffer overflow attempt (snort3-server-webapp.rules) * 1:20620 <-> DISABLED <-> SERVER-WEBAPP CoreHTTP Long buffer overflow attempt (snort3-server-webapp.rules) * 1:20622 <-> DISABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (snort3-file-java.rules) * 1:20626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A variant outbound connection (snort3-malware-cnc.rules) * 1:20627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A C&C server response (snort3-malware-cnc.rules) * 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (snort3-server-webapp.rules) * 1:20630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winnti.A contact to cnc server (snort3-malware-cnc.rules) * 1:20632 <-> DISABLED <-> SERVER-WEBAPP AnnoncesV annonce.php remote file include attempt (snort3-server-webapp.rules) * 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (snort3-server-webapp.rules) * 1:20636 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (snort3-file-image.rules) * 1:20637 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (snort3-file-image.rules) * 1:20639 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Higest.N variant outbound connection (snort3-malware-cnc.rules) * 1:20659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed 
shading modifier heap corruption attempt (snort3-file-pdf.rules) * 1:20661 <-> DISABLED <-> MALWARE-CNC Simbda variant outbound connection (snort3-malware-cnc.rules) * 1:20668 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - /content/v1.jar (snort3-exploit-kit.rules) * 1:20669 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - w.php?f= (snort3-exploit-kit.rules) * 1:20676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.EggDrop.acn variant outbound connection (snort3-malware-cnc.rules) * 1:20677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.EggDrop.acn variant outbound connection (snort3-malware-cnc.rules) * 1:20678 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Genome.aior variant outbound connection (snort3-malware-cnc.rules) * 1:20679 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syrutrk variant outbound connection (snort3-malware-cnc.rules) * 1:20680 <-> DISABLED <-> SERVER-WEBAPP Flashchat aedating4CMS.php remote file include attempt (snort3-server-webapp.rules) * 1:20681 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.NMS variant outbound connection (snort3-malware-cnc.rules) * 1:20682 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.NMS variant outbound connection (snort3-malware-cnc.rules) * 1:20683 <-> DISABLED <-> MALWARE-CNC Cleanvaccine variant outbound connection (snort3-malware-cnc.rules) * 1:20684 <-> DISABLED <-> MALWARE-CNC Cleanvaccine variant outbound connection (snort3-malware-cnc.rules) * 1:20685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heloag.A variant outbound connection (snort3-malware-cnc.rules) * 1:20686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut.BM connect to client (snort3-malware-cnc.rules) * 1:20687 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Genome.akhg variant outbound connection (snort3-malware-cnc.rules) * 1:20688 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.Jeib variant outbound connection (snort3-malware-cnc.rules) * 1:20689 <-> DISABLED <-> MALWARE-CNC 
Trojan-Spy.Win32.Zbot.Jeib variant outbound connection (snort3-malware-cnc.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (snort3-policy-other.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (snort3-policy-other.rules) * 1:20693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackcontrol.A variant outbound connection (snort3-malware-cnc.rules) * 1:20694 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SSonce.A variant outbound connection (snort3-malware-cnc.rules) * 1:20695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.GZW connect to cnc server (snort3-malware-cnc.rules) * 1:20696 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom.CK connect to cnc server (snort3-malware-cnc.rules) * 1:20697 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom.CK connect to cnc server (snort3-malware-cnc.rules) * 1:20722 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (snort3-file-office.rules) * 1:20728 <-> DISABLED <-> SERVER-WEBAPP WoW Roster remote file include with hslist.php and conf.php attempt (snort3-server-webapp.rules) * 1:20731 <-> DISABLED <-> SERVER-WEBAPP TSEP tsep_config absPath parameter PHP remote file include attempt (snort3-server-webapp.rules) * 1:20752 <-> DISABLED <-> PUA-ADWARE Win32.GameVance outbound connection (snort3-pua-adware.rules) * 1:20753 <-> DISABLED <-> PUA-ADWARE Win32.GamePlayLabs outbound connection (snort3-pua-adware.rules) * 1:20754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (snort3-malware-cnc.rules) * 1:20755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (snort3-malware-cnc.rules) * 1:20756 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (snort3-malware-cnc.rules) * 1:20759 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (snort3-malware-cnc.rules) * 
1:20762 <-> ENABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (snort3-malware-cnc.rules) * 1:20830 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.amdu variant outbound connection (snort3-malware-cnc.rules) * 1:20831 <-> ENABLED <-> FILE-JAVA Oracle Java Applet Rhino script engine remote code execution attempt (snort3-file-java.rules) * 1:20836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy.A runtime traffic detected (snort3-malware-cnc.rules) * 1:20837 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (snort3-malware-cnc.rules) * 1:20838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smokebot.A runtime traffic detected (snort3-malware-cnc.rules) * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:20844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.smxy runtime traffic detected (snort3-malware-cnc.rules) * 1:20845 <-> DISABLED <-> SERVER-WEBAPP HP Network Node Manager cross site scripting attempt (snort3-server-webapp.rules) * 1:20877 <-> DISABLED <-> MALWARE-CNC RunTime Worm.Win32.Warezov.gs variant outbound connection (snort3-malware-cnc.rules) * 1:20890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (snort3-malware-cnc.rules) * 1:20891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (snort3-malware-cnc.rules) * 1:20892 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Skopvel.A runtime traffic detected (snort3-malware-cnc.rules) * 1:20927 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (snort3-malware-cnc.rules) * 1:20995 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt (snort3-policy-other.rules) * 1:20996 <-> DISABLED <-> POLICY-OTHER HP SiteScope integrationViewer default credentials policy-bypass attempt 
(snort3-policy-other.rules) * 1:21051 <-> DISABLED <-> SERVER-WEBAPP Apple OSX software update command execution attempt (snort3-server-webapp.rules) * 1:21055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utka.A variant outbound connection (snort3-malware-cnc.rules) * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (snort3-file-other.rules) * 1:21058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AutoIt.pm runtime traffic detected (snort3-malware-cnc.rules) * 1:21065 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Edituser cross site scripting attempt (snort3-server-webapp.rules) * 1:21066 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Systemdashboard cross site scripting attempt (snort3-server-webapp.rules) * 1:21067 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager TOC_simple cross site scripting attempt (snort3-server-webapp.rules) * 1:21082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (snort3-file-office.rules) * 1:21083 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel window2 record use after free attempt (snort3-file-office.rules) * 1:21087 <-> DISABLED <-> MALWARE-CNC Bindow.Worm runtime traffic detected (snort3-malware-cnc.rules) * 1:21093 <-> DISABLED <-> FILE-MULTIMEDIA A-PDF Wav to mp3 converter buffer overfow (snort3-file-multimedia.rules) * 1:21100 <-> DISABLED <-> PROTOCOL-RPC Novell Netware xdr decode string length buffer overflow attempt (snort3-protocol-rpc.rules) * 1:21107 <-> DISABLED <-> FILE-MULTIMEDIA MJM Quickplayer s3m buffer overflow (snort3-file-multimedia.rules) * 1:21112 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (snort3-file-multimedia.rules) * 1:21116 <-> DISABLED <-> FILE-OTHER Cisco Webex selector and size2 subrecords corruption attempt (snort3-file-other.rules) * 1:21122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandok.zp runtime traffic detected (snort3-malware-cnc.rules) * 1:21123 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Flymux.A runtime traffic detected (snort3-malware-cnc.rules) * 1:21124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki.A runtime traffic detected (snort3-malware-cnc.rules) * 1:21125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alureon.DG runtime traffic detected (snort3-malware-cnc.rules) * 1:21126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koutodoor.C runtime traffic detected (snort3-malware-cnc.rules) * 1:21127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Setfic.A runtime traffic detected (snort3-malware-cnc.rules) * 1:21128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dromedan.A runtime traffic detected (snort3-malware-cnc.rules) * 1:21142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (snort3-malware-cnc.rules) * 1:21143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (snort3-malware-cnc.rules) * 1:21144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (snort3-malware-cnc.rules) * 1:21145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neraweq.A runtime traffic detected (snort3-malware-cnc.rules) * 1:21151 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stegae.A runtime traffic detected (snort3-malware-cnc.rules) * 1:21160 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:21169 <-> DISABLED <-> PUA-ADWARE Apperhand SDK advertising data request - Counterclank (snort3-pua-adware.rules) * 1:21170 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (snort3-file-office.rules) * 1:21175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (snort3-malware-cnc.rules) * 1:21176 <-> DISABLED <-> PUA-ADWARE Win32.WindowsOptimizationAndSecurity outbound connection (snort3-pua-adware.rules) * 1:21177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ganipin.A inbound connection (snort3-malware-cnc.rules) * 1:21178 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Downloader Win.Trojan.Chekafe.A variant outbound connection (snort3-malware-cnc.rules) * 1:21179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coofus.RFM variant outbound connection (snort3-malware-cnc.rules) * 1:21180 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Magania.clfv variant outbound connection (snort3-malware-cnc.rules) * 1:21181 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.czgu variant outbound connection (snort3-malware-cnc.rules) * 1:21182 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MeSub.ac variant outbound connection (snort3-malware-cnc.rules) * 1:21183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.alfu variant outbound connection (snort3-malware-cnc.rules) * 1:21184 <-> DISABLED <-> PUA-ADWARE Internet Security 2010 outbound connection (snort3-pua-adware.rules) * 1:21185 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Kufgal.A inbound connection (snort3-malware-cnc.rules) * 1:21187 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xlahlah.A variant outbound connection (snort3-malware-cnc.rules) * 1:21192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syswrt.dvd variant outbound connection (snort3-malware-cnc.rules) * 1:21193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalbot.A variant outbound connection (snort3-malware-cnc.rules) * 1:21194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst.A variant outbound connection (snort3-malware-cnc.rules) * 1:21195 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Protux.B variant outbound connection (snort3-malware-cnc.rules) * 1:21196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw.A variant outbound connection (snort3-malware-cnc.rules) * 1:21197 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw.A variant outbound connection (snort3-malware-cnc.rules) * 1:21198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qinubot.A variant outbound connection (snort3-malware-cnc.rules) * 1:21199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qinubot.A variant outbound connection (snort3-malware-cnc.rules) * 1:21202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scapzilla.A variant 
outbound connection (snort3-malware-cnc.rules) * 1:21203 <-> DISABLED <-> MALWARE-CNC Virus Win.Trojan.Induc.B variant outbound connection (snort3-malware-cnc.rules) * 1:21204 <-> DISABLED <-> MALWARE-CNC Virus Win.Trojan.Induc.B variant outbound connection (snort3-malware-cnc.rules) * 1:21205 <-> DISABLED <-> MALWARE-CNC Virus Win.Trojan.Induc.B variant outbound connection (snort3-malware-cnc.rules) * 1:21206 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (snort3-malware-cnc.rules) * 1:21207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dekara.A variant outbound connection (snort3-malware-cnc.rules) * 1:21208 <-> ENABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (snort3-malware-cnc.rules) * 1:21209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enviserv.A variant outbound connection (snort3-malware-cnc.rules) * 1:21210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rallovs.A variant outbound connection (snort3-malware-cnc.rules) * 1:21211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.slrj variant outbound connection (snort3-malware-cnc.rules) * 1:21212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.nkor variant outbound connection (snort3-malware-cnc.rules) * 1:21213 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Cridex.B variant outbound connection (snort3-malware-cnc.rules) * 1:21214 <-> DISABLED <-> SERVER-APACHE Apache server mod_proxy reverse proxy bypass attempt (snort3-server-apache.rules) * 1:21215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am variant outbound connection (snort3-malware-cnc.rules) * 1:21216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am variant outbound connection (snort3-malware-cnc.rules) * 1:21217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Am variant outbound connection (snort3-malware-cnc.rules) * 1:21218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodager.C variant outbound connection (snort3-malware-cnc.rules) * 1:21219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysckbc variant outbound connection 
(snort3-malware-cnc.rules) * 1:21220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Susnatache.A inbound connection (snort3-malware-cnc.rules) * 1:21221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Susnatache.A variant outbound connection (snort3-malware-cnc.rules) * 1:21222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kcahneila.A variant outbound connection (snort3-malware-cnc.rules) * 1:21223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gyplit.A variant outbound connection (snort3-malware-cnc.rules) * 1:21224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MacOS.DevilRobber.A variant outbound connection (snort3-malware-cnc.rules) * 1:21225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (snort3-malware-cnc.rules) * 1:21226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Louisdreyfu.A variant outbound connection (snort3-malware-cnc.rules) * 1:21227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulknet variant outbound connection (snort3-malware-cnc.rules) * 1:21228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerberat variant outbound connection (snort3-malware-cnc.rules) * 1:21229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Synljdos variant outbound connection (snort3-malware-cnc.rules) * 1:21230 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (snort3-malware-cnc.rules) * 1:21243 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (snort3-file-office.rules) * 1:21249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (snort3-malware-cnc.rules) * 1:21250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (snort3-malware-cnc.rules) * 1:21251 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sirefef.P variant outbound connection (snort3-malware-cnc.rules) * 1:21252 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sirefef.P variant outbound connection (snort3-malware-cnc.rules) * 1:21253 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt 
(snort3-file-pdf.rules) * 1:21254 <-> DISABLED <-> FILE-PDF Foxit Reader createDataObject file write attempt (snort3-file-pdf.rules) * 1:21273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (snort3-malware-cnc.rules) * 1:21274 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (snort3-malware-cnc.rules) * 1:21277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shexie.A runtime traffic detected (snort3-malware-cnc.rules) * 1:21278 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (snort3-malware-cnc.rules) * 1:21279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot.s runtime traffic detected (snort3-malware-cnc.rules) * 1:21280 <-> DISABLED <-> MALWARE-CNC Win32 Turkojan.C runtime traffic detected (snort3-malware-cnc.rules) * 1:21289 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:21290 <-> DISABLED <-> OS-WINDOWS Microsoft Color Control Panel STI.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:21294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancodor.be runtime traffic detected (snort3-malware-cnc.rules) * 1:21303 <-> DISABLED <-> MALWARE-CNC Win32 Initor.ag runtime traffic detected (snort3-malware-cnc.rules) * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (snort3-server-other.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (snort3-server-other.rules) * 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (snort3-server-other.rules) * 1:21379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome.Amqj runtime traffic detected (snort3-malware-cnc.rules) * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (snort3-malware-cnc.rules) * 1:21381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dialer.ngb runtime traffic detected 
(snort3-malware-cnc.rules) * 1:21382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host setting3.yeahost.com runtime traffic detected (snort3-malware-cnc.rules) * 1:21383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host 9999mb.com runtime traffic detected (snort3-malware-cnc.rules) * 1:21384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host freewebs.com runtime traffic detected (snort3-malware-cnc.rules) * 1:21386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wadolin.A runtime traffic detected (snort3-malware-cnc.rules) * 1:21387 <-> DISABLED <-> FILE-JAVA Oracle Java runtime RMIConnectionImpl deserialization execution attempt (snort3-file-java.rules) * 1:21390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.dl runtime traffic detected (snort3-malware-cnc.rules) * 1:21391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcac runtime traffic detected (snort3-malware-cnc.rules) * 1:21393 <-> DISABLED <-> FILE-MULTIMEDIA Magix Musik Maker 16 buffer overflow attempt (snort3-file-multimedia.rules) * 1:21397 <-> DISABLED <-> FILE-MULTIMEDIA MicroP mppl stack buffer overflow (snort3-file-multimedia.rules) * 1:21413 <-> DISABLED <-> FILE-OTHER PeaZip command injection attempt (snort3-file-other.rules) * 1:21418 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (snort3-malware-cnc.rules) * 1:21421 <-> DISABLED <-> PROTOCOL-DNS ISC BIND DNSSEC authority response record overflow attempt (snort3-protocol-dns.rules) * 1:21464 <-> DISABLED <-> MALWARE-CNC Downloader-CEW.b runtime traffic detected (snort3-malware-cnc.rules) * 1:21466 <-> DISABLED <-> MALWARE-CNC Autorun.BDS runtime traffic detected (snort3-malware-cnc.rules) * 1:21469 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (snort3-malware-cnc.rules) * 1:21473 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameThief variant outbound connection (snort3-malware-cnc.rules) * 1:21477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant outbound connection 
(snort3-malware-cnc.rules) * 1:21486 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (snort3-malware-cnc.rules) * 1:21491 <-> DISABLED <-> PROTOCOL-SCADA Sielco Sistemi Winlog Pro stack buffer overflow attempt (snort3-protocol-scada.rules) * 1:21495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vilsel variant outbound connection (snort3-malware-cnc.rules) * 1:21496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (snort3-malware-cnc.rules) * 1:21497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (snort3-malware-cnc.rules) * 1:21511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vaxpy variant outbound connection (snort3-malware-cnc.rules) * 1:21520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (snort3-malware-cnc.rules) * 1:21521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob update connection (snort3-malware-cnc.rules) * 1:21527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader registration connection detection (snort3-malware-cnc.rules) * 1:21528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader keep-alive connection detection (snort3-malware-cnc.rules) * 1:21557 <-> DISABLED <-> FILE-OTHER Apple OSX ZIP archive shell script execution attempt (snort3-file-other.rules) * 1:21563 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (snort3-malware-cnc.rules) * 1:21564 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (snort3-malware-cnc.rules) * 1:21566 <-> DISABLED <-> OS-WINDOWS Microsoft Expression Design wintab32.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:21595 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization request detection (snort3-os-mobile.rules) * 1:21596 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D initialization response detection (snort3-os-mobile.rules) * 1:21597 <-> DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging request detection (snort3-os-mobile.rules) * 1:21598 <-> 
DISABLED <-> OS-MOBILE Android/Nickispy.D sms logging response detection (snort3-os-mobile.rules) * 1:21609 <-> DISABLED <-> SERVER-WEBAPP SurgeMail webmail.exe page format string exploit attempt (snort3-server-webapp.rules) * 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk missing SIP version denial of service attempt (snort3-protocol-voip.rules) * 1:21760 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (snort3-malware-cnc.rules) * 1:21761 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (snort3-malware-cnc.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (snort3-file-office.rules) * 1:2179 <-> DISABLED <-> PROTOCOL-FTP PASS format string attempt (snort3-protocol-ftp.rules) * 1:21858 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (snort3-file-pdf.rules) * 1:21859 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader msiexec.exe file load exploit attempt (snort3-file-pdf.rules) * 1:21913 <-> DISABLED <-> SERVER-OTHER EMC data protection advisor DOS attempt (snort3-server-other.rules) * 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (snort3-server-other.rules) * 1:21922 <-> DISABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (snort3-file-other.rules) * 1:21947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VicSpy.A variant outbound connection (snort3-malware-cnc.rules) * 1:21967 <-> DISABLED <-> MALWARE-BACKDOOR Rebhip.A runtime detection (snort3-malware-backdoor.rules) * 1:21970 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant outbound connection (snort3-malware-backdoor.rules) * 1:21971 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Zlob.P variant inbound connection (snort3-malware-backdoor.rules) * 1:21972 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash variant outbound connection (snort3-malware-backdoor.rules) 
* 1:21973 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.ZZSlash runtime detection (snort3-malware-backdoor.rules) * 1:21974 <-> DISABLED <-> MALWARE-CNC Worm.Expichu variant inbound connection (snort3-malware-cnc.rules) * 1:21975 <-> DISABLED <-> MALWARE-CNC Worm.Expichu variant inbound connection (snort3-malware-cnc.rules) * 1:21976 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Lapurd.D variant outbound connection (snort3-malware-cnc.rules) * 1:21982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Insain variant outbound connection (snort3-malware-cnc.rules) * 1:21995 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (snort3-malware-cnc.rules) * 1:21996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (snort3-malware-cnc.rules) * 1:22048 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (snort3-malware-cnc.rules) * 1:22078 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules) * 1:22947 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (snort3-file-other.rules) * 1:22948 <-> DISABLED <-> PROTOCOL-VOIP Avaya WinPDM header buffer overflow attempt (snort3-protocol-voip.rules) * 1:22950 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt big endian (snort3-server-webapp.rules) * 1:22951 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt little endian (snort3-server-webapp.rules) * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (snort3-file-java.rules) * 1:23014 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (snort3-file-other.rules) * 1:23046 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (snort3-server-webapp.rules) * 1:23047 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting 
attempt (snort3-server-webapp.rules) * 1:23051 <-> DISABLED <-> MALWARE-CNC Dybalom.A runtime traffic detected (snort3-malware-cnc.rules) * 1:23055 <-> DISABLED <-> PROTOCOL-FTP Cisco IOS FTP MKD buffer overflow attempt (snort3-protocol-ftp.rules) * 1:23056 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (snort3-server-other.rules) * 1:23099 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceHex denial of service attempt (snort3-server-other.rules) * 1:23102 <-> DISABLED <-> POLICY-OTHER Seagate BlackArmor administrator password reset attempt (snort3-policy-other.rules) * 1:23111 <-> DISABLED <-> POLICY-OTHER PHP uri tag injection attempt (snort3-policy-other.rules) * 1:23170 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (snort3-file-multimedia.rules) * 1:23176 <-> DISABLED <-> MALWARE-CNC Donbot.A runtime traffic detected (snort3-malware-cnc.rules) * 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site scripting attempt (snort3-server-webapp.rules) * 1:23178 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement flood attempt (snort3-protocol-icmp.rules) * 1:23213 <-> DISABLED <-> SQL Ruby on rails SQL injection attempt (snort3-sql.rules) * 1:23234 <-> DISABLED <-> MALWARE-CNC Frethog.MK runtime traffic detected (snort3-malware-cnc.rules) * 1:23235 <-> DISABLED <-> MALWARE-CNC PBin.A runtime traffic detected (snort3-malware-cnc.rules) * 1:23238 <-> DISABLED <-> NETBIOS Wireshark console.lua file load exploit attempt (snort3-netbios.rules) * 1:23239 <-> DISABLED <-> SERVER-OTHER Wireshark console.lua file load exploit attempt (snort3-server-other.rules) * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (snort3-server-other.rules) * 1:23243 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (snort3-file-java.rules) * 1:23269 <-> DISABLED <-> FILE-OTHER Cisco 
WebEx recording integer overflow attempt (snort3-file-other.rules) * 1:23271 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (snort3-file-multimedia.rules) * 1:23272 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (snort3-file-multimedia.rules) * 1:23340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol.B variant outbound connection (snort3-malware-cnc.rules) * 1:23341 <-> ENABLED <-> MALWARE-BACKDOOR Win.Backdoor.Tinrot.A runtime detection (snort3-malware-backdoor.rules) * 1:23346 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (snort3-file-other.rules) * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (snort3-server-other.rules) * 1:23368 <-> DISABLED <-> PROTOCOL-DNS Tftpd32 DNS server denial of service attempt (snort3-protocol-dns.rules) * 1:23397 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (snort3-server-other.rules) * 1:23398 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (snort3-server-other.rules) * 1:23401 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish server REST interface cross site request forgery attempt (snort3-server-webapp.rules) * 1:23480 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino webadmin.nsf directory traversal attempt (snort3-server-webapp.rules) * 1:23484 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt (snort3-indicator-compromise.rules) * 1:23485 <-> DISABLED <-> SERVER-WEBAPP Wordpress Invit0r plugin php upload attempt (snort3-server-webapp.rules) * 1:23544 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (snort3-file-office.rules) * 1:23560 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (snort3-file-java.rules) * 1:23577 <-> DISABLED <-> FILE-OTHER VLC mms 
hostname buffer overflow attempt (snort3-file-other.rules) * 1:23580 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (snort3-file-other.rules) * 1:23581 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (snort3-file-multimedia.rules) * 1:23587 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (snort3-file-multimedia.rules) * 1:23588 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (snort3-file-multimedia.rules) * 1:23589 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:23590 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (snort3-file-image.rules) * 1:23598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (snort3-malware-cnc.rules) * 1:23599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (snort3-malware-cnc.rules) * 1:23624 <-> DISABLED <-> SERVER-OTHER Ubisoft Uplay browser plugin backdoor attempt (snort3-server-other.rules) * 1:23783 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway pbcontrol.php filename parameter command injection attempt (snort3-server-webapp.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (snort3-os-windows.rules) * 1:23879 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (snort3-file-pdf.rules) * 1:23880 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (snort3-file-pdf.rules) * 1:23934 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway blocked.php blind sql injection attempt (snort3-server-webapp.rules) * 1:23938 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (snort3-malware-cnc.rules) * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle 
Business Transaction Management FlashTunnelService directory traversal attempt (snort3-server-oracle.rules) * 1:24007 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long server name buffer overflow attempt (snort3-os-windows.rules) * 1:24026 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules) * 1:24029 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (snort3-file-other.rules) * 1:24083 <-> ENABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (snort3-file-other.rules) * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (snort3-malware-backdoor.rules) * 1:24128 <-> DISABLED <-> OS-WINDOWS Microsoft SCCM ReportChart xss attempt (snort3-os-windows.rules) * 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (snort3-server-webapp.rules) * 1:2417 <-> DISABLED <-> PROTOCOL-FTP format string attempt (snort3-protocol-ftp.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (snort3-file-identify.rules) * 1:24207 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (snort3-file-other.rules) * 1:24208 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (snort3-file-other.rules) * 1:24209 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (snort3-file-other.rules) * 1:24240 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (snort3-file-office.rules) * 1:24241 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (snort3-file-office.rules) * 1:24242 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (snort3-file-office.rules) * 1:24256 <-> ENABLED <-> MALWARE-BACKDOOR phpMyAdmin server_sync.php backdoor 
access attempt (snort3-malware-backdoor.rules)
* 1:24291 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (snort3-server-webapp.rules)
* 1:24292 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (snort3-server-webapp.rules)
* 1:24296 <-> DISABLED <-> PROTOCOL-ICMP IPv6 router advertisement invalid prefix option attempt (snort3-protocol-icmp.rules)
* 1:24321 <-> DISABLED <-> SERVER-OTHER HP StorageWorks File Migration Agent buffer overflow attempt (snort3-server-other.rules)
* 1:24337 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (snort3-server-other.rules)
* 1:24446 <-> DISABLED <-> SERVER-OTHER EMC NetWorker SunRPC format string exploit attempt (snort3-server-other.rules)
* 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (snort3-protocol-scada.rules)
* 1:24487 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (snort3-file-pdf.rules)
* 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (snort3-file-pdf.rules)
* 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (snort3-file-pdf.rules)
* 1:24518 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway PHP remote code injection attempt (snort3-server-webapp.rules)
* 1:24519 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway PHP remote code execution attempt (snort3-server-webapp.rules)
* 1:24520 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (snort3-server-webapp.rules)
* 1:24524 <-> DISABLED <-> SERVER-MAIL Novell GroupWise internet agent iCalendar parsing denial of service attempt (snort3-server-mail.rules)
* 1:24536 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (snort3-server-other.rules)
* 1:24537 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (snort3-server-other.rules)
* 1:24538 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center uam.exe stack buffer overflow attempt (snort3-server-other.rules)
* 1:24628 <-> DISABLED <-> SERVER-WEBAPP Webmin show.cgi arbitrary command injection attempt (snort3-server-webapp.rules)
* 1:24647 <-> DISABLED <-> SERVER-WEBAPP D-Link Wireless Router CAPTCHA data processing buffer overflow attempt (snort3-server-webapp.rules)
* 1:24652 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (snort3-file-other.rules)
* 1:24686 <-> DISABLED <-> SERVER-OTHER HP StorageWorks file migration agent buffer overflow attempt (snort3-server-other.rules)
* 1:24696 <-> DISABLED <-> PROTOCOL-RPC EMC Networker nsrindexd.exe procedure 0x01 buffer overflow attempt (snort3-protocol-rpc.rules)
* 1:24699 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (snort3-file-multimedia.rules)
* 1:24700 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (snort3-file-multimedia.rules)
* 1:24701 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (snort3-file-java.rules)
* 1:24706 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (snort3-server-webapp.rules)
* 1:24707 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (snort3-server-webapp.rules)
* 1:24765 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter SRS request heap overflow attempt (snort3-server-webapp.rules)
* 1:24766 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter SRS request arbitrary file download attempt (snort3-server-webapp.rules)
* 1:24767 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter FSFUI request directory traversal attempt (snort3-server-webapp.rules)
* 1:24801 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager Express asset.getmimetype sql injection attempt (snort3-server-webapp.rules)
* 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (snort3-server-other.rules)
* 1:24915 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (snort3-file-java.rules)
* 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (snort3-policy-other.rules)
* 1:24993 <-> DISABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (snort3-file-java.rules)
* 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (snort3-malware-cnc.rules)
* 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (snort3-server-webapp.rules)
* 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (snort3-server-webapp.rules)
* 1:25321 <-> DISABLED <-> SERVER-ORACLE Oracle Database tablefunc_asown buffer overflow attempt (snort3-server-oracle.rules)
* 1:25345 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Web interface arbitrary command execution attempt (snort3-server-webapp.rules)
* 1:25346 <-> DISABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (snort3-file-image.rules)
* 1:25347 <-> DISABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (snort3-file-image.rules)
* 1:25348 <-> DISABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (snort3-file-image.rules)
* 1:25353 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (snort3-file-office.rules)
* 1:25354 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (snort3-file-office.rules)
* 1:25355 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (snort3-file-office.rules)
* 1:25366 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules)
* 1:25367 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (snort3-file-office.rules)
* 1:25369 <-> DISABLED <-> OS-WINDOWS NVIDIA graphics driver nvsr named pipe buffer overflow attempt (snort3-os-windows.rules)
* 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (snort3-file-java.rules)
* 1:25449 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (snort3-file-pdf.rules)
* 1:25450 <-> ENABLED <-> FILE-PDF Javascript openDoc UNC network request attempt (snort3-file-pdf.rules)
* 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (snort3-server-webapp.rules)
* 1:25542 <-> DISABLED <-> PROTOCOL-RPC EMC NetWorker nsrindexd service buffer overflow attempt (snort3-protocol-rpc.rules)
* 1:25581 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (snort3-server-other.rules)
* 1:25582 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (snort3-server-other.rules)
* 1:25583 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (snort3-server-other.rules)
* 1:25584 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (snort3-server-other.rules)
* 1:25585 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (snort3-server-other.rules)
* 1:25586 <-> DISABLED <-> SERVER-WEBAPP Nagios Core get_history buffer overflow attempt (snort3-server-webapp.rules)
* 1:25767 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (snort3-file-pdf.rules)
* 1:25810 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (snort3-file-other.rules)
* 1:25811 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (snort3-file-other.rules)
* 1:25812 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (snort3-file-other.rules)
* 1:25813 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (snort3-file-other.rules)
* 1:25818 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (snort3-file-pdf.rules)
* 1:25819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (snort3-file-pdf.rules)
* 1:25855 <-> DISABLED <-> SERVER-WEBAPP Nagios XI alert cloud cross site scripting attempt (snort3-server-webapp.rules)
* 1:26073 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (snort3-server-other.rules)
* 1:26074 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Message Server buffer overflow attempt (snort3-server-other.rules)
* 1:26081 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Suspected Crimepack (snort3-malware-cnc.rules)
* 1:26082 <-> DISABLED <-> FILE-PDF Nuance PDF reader launch overflow attempt (snort3-file-pdf.rules)
* 1:26103 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra ping request buffer overflow attempt (snort3-server-other.rules)
* 1:26105 <-> DISABLED <-> SERVER-OTHER BigAnt IM Server buffer overflow attempt (snort3-server-other.rules)
* 1:26107 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (snort3-server-other.rules)
* 1:26108 <-> DISABLED <-> SERVER-OTHER HP Linux Imaging and Printing Project hpssd daemon command injection attempt (snort3-server-other.rules)
* 1:26178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hiloti variant outbound connection (snort3-malware-cnc.rules)
* 1:26185 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (snort3-file-java.rules)
* 1:26186 <-> ENABLED <-> FILE-JAVA Oracle Java Gmbal package sandbox breach attempt (snort3-file-java.rules)
* 1:26195 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (snort3-file-java.rules)
* 1:26196 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (snort3-file-java.rules)
* 1:26197 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (snort3-file-java.rules)
* 1:26198 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (snort3-file-java.rules)
* 1:26199 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib LookupOp integer overflow attempt (snort3-file-java.rules)
* 1:26200 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib ConvolveOp integer overflow attempt (snort3-file-java.rules)
* 1:26209 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (snort3-file-other.rules)
* 1:26210 <-> DISABLED <-> FILE-OTHER CyberLink Power2Go name parameter overflow attempt (snort3-file-other.rules)
* 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (snort3-server-webapp.rules)
* 1:26242 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (snort3-file-multimedia.rules)
* 1:26243 <-> DISABLED <-> FILE-MULTIMEDIA CCMPlayer m3u buffer overflow attempt (snort3-file-multimedia.rules)
* 1:26262 <-> DISABLED <-> SERVER-OTHER MongoDB nativeHelper.apply method command injection attempt (snort3-server-other.rules)
* 1:26274 <-> DISABLED <-> SERVER-WEBAPP Nagios3 statuswml.cgi remote command execution attempt (snort3-server-webapp.rules)
* 1:26280 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (snort3-file-pdf.rules)
* 1:26281 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (snort3-file-pdf.rules)
* 1:26282 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (snort3-file-pdf.rules)
* 1:26283 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (snort3-file-pdf.rules)
* 1:26320 <-> DISABLED <-> SERVER-WEBAPP Redmine SCM rev parameter command injection attempt (snort3-server-webapp.rules)
* 1:26333 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (snort3-server-other.rules)
* 1:26334 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra diag request buffer overflow attempt (snort3-server-other.rules)
* 1:26336 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra snmp request buffer overflow attempt (snort3-server-other.rules)
* 1:26389 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DUPF command arbitrary file upload attempt (snort3-server-other.rules)
* 1:26390 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DUPF command arbitrary file upload attempt (snort3-server-other.rules)
* 1:26416 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (snort3-server-webapp.rules)
* 1:26417 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (snort3-server-webapp.rules)
* 1:26418 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (snort3-server-webapp.rules)
* 1:26425 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (snort3-protocol-voip.rules)
* 1:26426 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SIP SDP header parsing stack buffer overflow attempt (snort3-protocol-voip.rules)
* 1:26435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duqu variant outbound connection (snort3-malware-cnc.rules)
* 1:26436 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center FaultDownloadServlet information disclosure attempt (snort3-server-webapp.rules)
* 1:26471 <-> DISABLED <-> PROTOCOL-FTP VanDyke AbsoluteFTP LIST command stack buffer overflow attempt (snort3-protocol-ftp.rules)
* 1:26473 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (snort3-file-other.rules)
* 1:26474 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (snort3-file-other.rules)
* 1:26475 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (snort3-file-other.rules)
* 1:26476 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (snort3-file-other.rules)
* 1:26477 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (snort3-file-other.rules)
* 1:26478 <-> DISABLED <-> FILE-OTHER CoolPlayer playlist file handling buffer overflow attempt (snort3-file-other.rules)
* 1:26479 <-> DISABLED <-> SERVER-OTHER ActFax LPD Server data field buffer overflow attempt (snort3-server-other.rules)
* 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (snort3-file-other.rules)
* 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (snort3-file-other.rules)
* 1:26501 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DDNF request stack buffer overflow attempt (snort3-server-other.rules)
* 1:26502 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (snort3-protocol-scada.rules)
* 1:26503 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (snort3-protocol-scada.rules)
* 1:26504 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (snort3-protocol-scada.rules)
* 1:26505 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center IctDownloadServlet information disclosure attempt (snort3-server-webapp.rules)
* 1:26520 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (snort3-file-other.rules)
* 1:26521 <-> DISABLED <-> FILE-OTHER Maple Maplet File Creation and Command Execution attempt (snort3-file-other.rules)
* 1:26523 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center ReportImgServlet information disclosure attempt (snort3-server-webapp.rules)
* 1:26547 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin preg_replace remote code execution attempt (snort3-server-webapp.rules)
* 1:26626 <-> DISABLED <-> FILE-OFFICE XML parameter entity reference local file disclosure attempt (snort3-file-office.rules)
* 1:26645 <-> DISABLED <-> SERVER-OTHER SSL TLS deflate compression weakness brute force attempt (snort3-server-other.rules)
* 1:26648 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (snort3-file-other.rules)
* 1:26649 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (snort3-file-other.rules)
* 1:26651 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules)
* 1:26652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules)
* 1:26664 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (snort3-file-image.rules)
* 1:26669 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center SyslogDownloadServlet information disclosure attempt (snort3-server-webapp.rules)
* 1:26672 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (snort3-file-office.rules)
* 1:26673 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (snort3-file-office.rules)
* 1:26674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (snort3-file-office.rules)
* 1:26676 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (snort3-file-office.rules)
* 1:26759 <-> DISABLED <-> SERVER-OTHER MIT Kerberos libkdb_ldap principal name handling denial of service attempt (snort3-server-other.rules)
* 1:26769 <-> DISABLED <-> SERVER-OTHER MIT Kerberos kpasswd process_chpw_request denial of service attempt (snort3-server-other.rules)
* 1:26794 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center UAM acmServletDownload information disclosure attempt (snort3-server-webapp.rules)
* 1:26797 <-> DISABLED <-> SERVER-WEBAPP Mutiny editdocument servlet arbitrary file access attempt (snort3-server-webapp.rules)
* 1:26798 <-> DISABLED <-> SERVER-WEBAPP Mutiny editdocument servlet arbitrary file upload attempt (snort3-server-webapp.rules)
* 1:26905 <-> DISABLED <-> SERVER-WEBAPP FosWiki and TWiki MAKETEXT macro memory consumption denial of service attempt (snort3-server-webapp.rules)
* 1:26922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (snort3-os-windows.rules)
* 1:26927 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules)
* 1:26928 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules)
* 1:26953 <-> DISABLED <-> SERVER-WEBAPP D-Link DIR-300/DIR-600 unauthenticated remote command execution attempt (snort3-server-webapp.rules)
* 1:26990 <-> DISABLED <-> SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt (snort3-server-webapp.rules)
* 1:26991 <-> DISABLED <-> SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt (snort3-server-webapp.rules)
* 1:26992 <-> DISABLED <-> SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt (snort3-server-webapp.rules)
* 1:27018 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (snort3-server-webapp.rules)
* 1:27019 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (snort3-server-webapp.rules)
* 1:27020 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (snort3-server-webapp.rules)
* 1:27028 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (snort3-server-webapp.rules)
* 1:27029 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (snort3-server-webapp.rules)
* 1:27030 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (snort3-server-webapp.rules)
* 1:27036 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager modifyAccounts policy bypass attempt (snort3-server-other.rules)
* 1:27075 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager ldapagnt_eval remote code execution attempt (snort3-server-other.rules)
* 1:27076 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (snort3-file-java.rules)
* 1:27077 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (snort3-file-java.rules)
* 1:27102 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (snort3-file-multimedia.rules)
* 1:27103 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime enof atom parsing heap buffer overflow attempt (snort3-file-multimedia.rules)
* 1:27104 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (snort3-server-webapp.rules)
* 1:27105 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (snort3-server-webapp.rules)
* 1:27122 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 buffer overflow attempt (snort3-server-other.rules)
* 1:27124 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1092 buffer overflow attempt (snort3-server-other.rules)
* 1:27125 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (snort3-server-other.rules)
* 1:27170 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 buffer overflow attempt (snort3-server-other.rules)
* 1:27188 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (snort3-file-java.rules)
* 1:27189 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (snort3-file-java.rules)
* 1:27190 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (snort3-file-java.rules)
* 1:27191 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (snort3-file-java.rules)
* 1:27192 <-> DISABLED <-> SERVER-WEBAPP DM Albums album.php remote file include attempt (snort3-server-webapp.rules)
* 1:27210 <-> ENABLED <-> SERVER-OTHER IPMI RAKP cipher zero remote authentication bypass attempt (snort3-server-other.rules)
* 1:27217 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 260 buffer overflow attempt (snort3-server-other.rules)
* 1:27224 <-> ENABLED <-> SERVER-OTHER Adobe ColdFusion websocket invoke method access (snort3-server-other.rules)
* 1:27225 <-> DISABLED <-> SERVER-OTHER Adobe ColdFusion JRun error page getWriter denial of service attempt (snort3-server-other.rules)
* 1:27226 <-> DISABLED <-> SERVER-WEBAPP DokuWiki PHP file inclusion attempt (snort3-server-webapp.rules)
* 1:27231 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (snort3-os-windows.rules)
* 1:27237 <-> DISABLED <-> SERVER-OTHER IPMI default username - root (snort3-server-other.rules)
* 1:27238 <-> DISABLED <-> SERVER-OTHER IPMI default username - admin (snort3-server-other.rules)
* 1:27239 <-> DISABLED <-> SERVER-OTHER IPMI default username - USERID (snort3-server-other.rules)
* 1:27240 <-> DISABLED <-> SERVER-OTHER multiple vendors IPMI RAKP username brute force attempt (snort3-server-other.rules)
* 1:27264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt (snort3-server-other.rules)
* 1:27532 <-> DISABLED <-> SERVER-MAIL Exim and Dovecot mail from remote command execution attempt (snort3-server-mail.rules)
* 1:27539 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 234 buffer overflow attempt (snort3-server-other.rules)
* 1:27552 <-> DISABLED <-> OS-MOBILE Android Exploit Extra_Field APK file download attempt (snort3-os-mobile.rules)
* 1:27571 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 235 buffer overflow attempt (snort3-server-other.rules)
* 1:27572 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (snort3-server-apache.rules)
* 1:27573 <-> ENABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (snort3-server-apache.rules)
* 1:27574 <-> ENABLED <-> SERVER-APACHE Apache Struts OGNL getRuntime.exec static method access attempt (snort3-server-apache.rules)
* 1:27575 <-> ENABLED <-> SERVER-APACHE Apache Struts arbitrary OGNL remote code execution attempt (snort3-server-apache.rules)
* 1:27617 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 264 buffer overflow attempt (snort3-server-other.rules)
* 1:27621 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (snort3-file-java.rules)
* 1:27622 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (snort3-file-java.rules)
* 1:27623 <-> DISABLED <-> SERVER-OTHER Joomla media.php arbitrary file upload attempt (snort3-server-other.rules)
* 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (snort3-server-other.rules)
* 1:27667 <-> DISABLED <-> SERVER-WEBAPP Joomla media.php file.upload direct administrator access attempt (snort3-server-webapp.rules)
* 1:27672 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (snort3-file-java.rules)
* 1:27673 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (snort3-file-java.rules)
* 1:27674 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (snort3-file-java.rules)
* 1:27675 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (snort3-file-java.rules)
* 1:27676 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (snort3-file-java.rules)
* 1:27677 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (snort3-file-java.rules)
* 1:27688 <-> DISABLED <-> SERVER-WEBAPP mxBB MX Faq module_root_path file inclusion attempt (snort3-server-webapp.rules)
* 1:27691 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules)
* 1:27692 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules)
* 1:27750 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules)
* 1:27751 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules)
* 1:27753 <-> DISABLED <-> SERVER-WEBAPP Click N Print Coupons coupon_detail.asp SQL injection attempt (snort3-server-webapp.rules)
* 1:27756 <-> DISABLED <-> SERVER-WEBAPP RedHat Piranha Virtual Server Package default passwd and arbitrary command execution attempt (snort3-server-webapp.rules)
* 1:27769 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 207 buffer overflow attempt (snort3-server-other.rules)
* 1:27770 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 210 buffer overflow attempt (snort3-server-other.rules)
* 1:27771 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 236 buffer overflow attempt (snort3-server-other.rules)
* 1:27772 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 243 buffer overflow attempt (snort3-server-other.rules)
* 1:27773 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 265 buffer overflow attempt (snort3-server-other.rules)
* 1:27861 <-> DISABLED <-> SERVER-ORACLE Oracle Enterprise Manager Database Control directory traversal attempt (snort3-server-oracle.rules)
* 1:27862 <-> DISABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (snort3-server-webapp.rules)
* 1:27863 <-> DISABLED <-> SERVER-WEBAPP Ektron CMS XSLT transform remote code execution attempt (snort3-server-webapp.rules)
* 1:27921 <-> DISABLED <-> SERVER-ORACLE Oracle Endeca Server createDataStore remote command injection attempt (snort3-server-oracle.rules)
* 1:27937 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateCertificatesServlet directory traversal attempt (snort3-server-other.rules)
* 1:27941 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateDomainControllerServlet directory traversal attempt (snort3-server-other.rules)
* 1:27942 <-> ENABLED <-> SERVER-WEBAPP Sophos Web Protection Appliance sblistpack arbitrary command execution attempt (snort3-server-webapp.rules)
* 1:28047 <-> DISABLED <-> SERVER-WEBAPP RaidSonic Multiple Products arbitrary command injection attempt (snort3-server-webapp.rules)
* 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (snort3-server-webapp.rules)
* 1:28093 <-> DISABLED <-> SERVER-WEBAPP Western Digital Arkeia Appliance directory traversal attempt (snort3-server-webapp.rules)
* 1:28124 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (snort3-file-other.rules)
* 1:28137 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (snort3-file-office.rules)
* 1:28145 <-> DISABLED <-> SERVER-WEBAPP OpenEMR information disclosure attempt (snort3-server-webapp.rules)
* 1:28149 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file deletion (snort3-server-other.rules)
* 1:28150 <-> DISABLED <-> SERVER-OTHER Quest Software Big Brother attempted arbitrary file upload (snort3-server-other.rules)
* 1:28165 <-> DISABLED <-> PROTOCOL-VOIP attempted DOS detected (snort3-protocol-voip.rules)
* 1:28227 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (snort3-server-other.rules)
* 1:28251 <-> DISABLED <-> SERVER-WEBAPP Zabbix httpmon.php SQL injection attempt (snort3-server-webapp.rules)
* 1:28252 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules)
* 1:28263 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (snort3-file-other.rules)
* 1:28276 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (snort3-file-java.rules)
* 1:28277 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (snort3-file-java.rules)
* 1:28278 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (snort3-server-webapp.rules)
* 1:28289 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R root remote code execution attempt (snort3-server-webapp.rules)
* 1:28290 <-> ENABLED <-> SERVER-WEBAPP Tenda W302R iwpriv remote code execution attempt (snort3-server-webapp.rules)
* 1:28361 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (snort3-file-pdf.rules)
* 1:28388 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (snort3-file-pdf.rules)
* 1:28389 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (snort3-file-pdf.rules)
* 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (snort3-server-other.rules)
* 1:28394 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (snort3-server-other.rules)
* 1:28395 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (snort3-server-other.rules)
* 1:28396 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (snort3-server-other.rules)
* 1:28397 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (snort3-server-other.rules)
* 1:28398 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (snort3-server-other.rules)
* 1:28407 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center BIMS UploadServlet arbitrary file upload attempt (snort3-server-webapp.rules)
* 1:28427 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (snort3-file-pdf.rules)
* 1:28448 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center BIMS bimsDownload directory traversal attempt (snort3-server-webapp.rules)
* 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (snort3-file-pdf.rules)
* 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (snort3-file-pdf.rules)
* 1:28464 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (snort3-file-office.rules)
* 1:28465 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (snort3-file-office.rules)
* 1:28466 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (snort3-file-office.rules)
* 1:28467 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (snort3-file-office.rules)
* 1:28468 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (snort3-file-office.rules)
* 1:28469 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (snort3-file-office.rules)
* 1:28470 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (snort3-file-office.rules)
* 1:28471 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (snort3-file-office.rules)
* 1:28472 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (snort3-file-office.rules)
* 1:28473 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (snort3-file-office.rules)
* 1:28525 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (snort3-file-office.rules)
* 1:28526 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (snort3-file-office.rules)
* 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (snort3-file-other.rules)
* 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (snort3-file-other.rules)
* 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (snort3-file-other.rules)
* 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (snort3-file-other.rules)
* 1:28575 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (snort3-file-other.rules)
* 1:28576 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Reader FDF submitForm cross-site scripting attempt (snort3-file-other.rules)
* 1:28597 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (snort3-file-pdf.rules)
* 1:28598 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader field dictionary null pointer dereference attempt (snort3-file-pdf.rules)
* 1:28621 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules)
* 1:28622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (snort3-file-pdf.rules)
* 1:28623 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (snort3-file-pdf.rules)
* 1:28624 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (snort3-file-pdf.rules)
* 1:28625 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (snort3-file-pdf.rules)
* 1:28633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (snort3-file-pdf.rules)
* 1:28642 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (snort3-file-pdf.rules)
* 1:28643 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (snort3-file-pdf.rules)
* 1:28659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (snort3-file-pdf.rules)
* 1:28709 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (snort3-file-pdf.rules)
* 1:28746 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SXPG_CALL_SYSTEM remote code execution attempt (snort3-server-webapp.rules)
* 1:28747 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (snort3-file-pdf.rules)
* 1:28748 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (snort3-file-pdf.rules)
* 1:28790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D stream memory corruption attempt (snort3-file-pdf.rules)
* 1:28794 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (snort3-file-office.rules)
* 1:28818 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (snort3-file-other.rules)
* 1:28819 <-> DISABLED <-> FILE-OTHER 7-Zip ARJ archive handling buffer overflow attempt (snort3-file-other.rules)
* 1:28831 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:28833 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:28834 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:28835 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:28836 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:28837 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro d2d1.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:28839 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:28840 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:28841 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:28842 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wintab32.dll dll-load exploit attempt (snort3-file-other.rules)
* 1:28843 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (snort3-file-pdf.rules)
* 1:28844 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (snort3-file-pdf.rules)
* 1:28845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript
toolbar button use after free attempt (snort3-file-pdf.rules) * 1:28846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (snort3-file-pdf.rules) * 1:28867 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (snort3-os-windows.rules) * 1:28868 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (snort3-os-windows.rules) * 1:28869 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (snort3-os-windows.rules) * 1:28870 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (snort3-os-windows.rules) * 1:28871 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (snort3-os-windows.rules) * 1:28872 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NDProxy.sys privilege escalation attempt (snort3-os-windows.rules) * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:28908 <-> DISABLED <-> SERVER-OTHER Nagios core config manager tfpassword sql injection attempt (snort3-server-other.rules) * 1:28909 <-> DISABLED <-> SERVER-WEBAPP OTManager ADM_Pagina.php remote file include attempt (snort3-server-webapp.rules) * 1:28910 <-> DISABLED <-> SERVER-WEBAPP mcRefer install.php arbitrary PHP code injection attempt 
(snort3-server-webapp.rules) * 1:28912 <-> DISABLED <-> SERVER-WEBAPP Joomla simple RSS reader admin.rssreader.php remote file include attempt (snort3-server-webapp.rules) * 1:28915 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (snort3-file-java.rules) * 1:28916 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (snort3-file-java.rules) * 1:28917 <-> DISABLED <-> PROTOCOL-SCADA Microsys Promotic directory traversal attempt (snort3-protocol-scada.rules) * 1:28936 <-> DISABLED <-> SERVER-WEBAPP Horde groupware webmail edition ingo filter cross-site request forgery attempt (snort3-server-webapp.rules) * 1:28937 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope issuesiebelcmd soap request code execution attempt (snort3-server-webapp.rules) * 1:28942 <-> DISABLED <-> SERVER-WEBAPP BoonEx Dolphin 6.1.2 remote file include attempt (snort3-server-webapp.rules) * 1:28943 <-> DISABLED <-> SERVER-WEBAPP BoonEx Dolphin 6.1.2 remote file include attempt (snort3-server-webapp.rules) * 1:28944 <-> DISABLED <-> SERVER-WEBAPP BoonEx Dolphin 6.1.2 remote file include attempt (snort3-server-webapp.rules) * 1:28946 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint server callback function cross-site scripting attempt (snort3-server-webapp.rules) * 1:28956 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks configuration management umaninv information disclosure attempt (snort3-server-webapp.rules) * 1:28957 <-> DISABLED <-> SERVER-WEBAPP RSS-aggregator display.php remote file include attempt (snort3-server-webapp.rules) * 1:28961 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (snort3-file-multimedia.rules) * 1:28962 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (snort3-file-multimedia.rules) * 1:28993 <-> DISABLED <-> PROTOCOL-VOIP Sipvicious User-Agent detected 
(snort3-protocol-voip.rules) * 1:28998 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (snort3-os-linux.rules) * 1:28999 <-> DISABLED <-> OS-LINUX Linux kernel ARM put_user write outside process address space privilege escalation attempt (snort3-os-linux.rules) * 1:29005 <-> DISABLED <-> SERVER-WEBAPP IBM Platform Symphony SOAP request processing buffer overflow attempt (snort3-server-webapp.rules) * 1:29014 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (snort3-os-windows.rules) * 1:29017 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (snort3-server-webapp.rules) * 1:29018 <-> DISABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin getReport SQL injection attempt (snort3-server-webapp.rules) * 1:29019 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (snort3-server-webapp.rules) * 1:29028 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (snort3-server-mssql.rules) * 1:29029 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server TDS packet fragment handling remote denial of service attempt (snort3-server-mssql.rules) * 1:29040 <-> DISABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (snort3-server-webapp.rules) * 1:29041 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (snort3-server-webapp.rules) * 1:29042 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (snort3-server-webapp.rules) * 1:29061 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (snort3-file-multimedia.rules) * 1:29062 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode 
segment null pointer crash attempt (snort3-file-pdf.rules) * 1:29063 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed JBIG2 decode segment null pointer crash attempt (snort3-file-pdf.rules) * 1:29110 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway save.do cross site request forgery attempt (snort3-server-webapp.rules) * 1:29118 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger Server process memory information disclosure attempt (snort3-server-webapp.rules) * 1:29141 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (snort3-server-webapp.rules) * 1:29142 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (snort3-server-webapp.rules) * 1:29182 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (snort3-file-other.rules) * 1:29183 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (snort3-file-other.rules) * 1:29184 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (snort3-file-other.rules) * 1:29185 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP stack buffer overflow attempt (snort3-file-other.rules) * 1:29192 <-> DISABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (snort3-server-webapp.rules) * 1:29193 <-> DISABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (snort3-server-webapp.rules) * 1:29207 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (snort3-file-other.rules) * 1:29208 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (snort3-file-other.rules) * 1:29209 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (snort3-file-other.rules) * 1:29210 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (snort3-file-other.rules) 
* 1:29211 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (snort3-file-other.rules) * 1:29212 <-> ENABLED <-> FILE-OTHER RealNetworks RealPlayer RMP file heap buffer overflow attempt (snort3-file-other.rules) * 1:29267 <-> DISABLED <-> SERVER-WEBAPP Nagios3 statuswml.cgi remote command execution attempt (snort3-server-webapp.rules) * 1:29277 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (snort3-file-other.rules) * 1:29278 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (snort3-file-other.rules) * 1:29279 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (snort3-file-other.rules) * 1:29280 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (snort3-file-other.rules) * 1:29296 <-> ENABLED <-> SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt (snort3-server-webapp.rules) * 1:29297 <-> ENABLED <-> SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt (snort3-server-webapp.rules) * 1:29362 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (snort3-server-other.rules) * 1:29387 <-> ENABLED <-> SERVER-WEBAPP Synology DiskStation Manager SLICEUPLOAD remote command execution attempt (snort3-server-webapp.rules) * 1:29390 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (snort3-server-webapp.rules) * 1:29391 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (snort3-server-webapp.rules) * 1:29392 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (snort3-server-webapp.rules) * 1:29400 <-> DISABLED <-> SERVER-WEBAPP vTiger CRM AddEmailAttachment directory traversal attempt (snort3-server-webapp.rules) * 
1:29409 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (snort3-file-pdf.rules) * 1:29410 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (snort3-file-pdf.rules) * 1:29418 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (snort3-os-mobile.rules) * 1:29419 <-> DISABLED <-> OS-MOBILE Android signature validation bypass APK file download attempt (snort3-os-mobile.rules) * 1:29465 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (snort3-file-other.rules) * 1:29466 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (snort3-file-other.rules) * 1:29467 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (snort3-file-other.rules) * 1:29468 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (snort3-file-other.rules) * 1:29485 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (snort3-server-webapp.rules) * 1:29486 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (snort3-server-webapp.rules) * 1:29487 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (snort3-server-webapp.rules) * 1:29488 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (snort3-server-webapp.rules) * 1:29490 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (snort3-file-java.rules) * 1:29491 <-> ENABLED <-> FILE-JAVA Oracle Java ShortComponentRaster integer overflow attempt (snort3-file-java.rules) * 1:29498 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center sdFileDownload information disclosure attempt (snort3-server-webapp.rules) * 1:29499 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center 
sdFileDownload information disclosure attempt (snort3-server-webapp.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (snort3-server-other.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (snort3-server-other.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (snort3-file-multimedia.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (snort3-file-multimedia.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (snort3-server-other.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (snort3-server-other.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (snort3-server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (snort3-server-other.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (snort3-server-other.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (snort3-file-java.rules) * 1:29537 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (snort3-server-webapp.rules) * 1:29570 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (snort3-file-other.rules) * 1:29571 <-> DISABLED <-> 
FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (snort3-file-other.rules) * 1:29572 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (snort3-file-other.rules) * 1:29573 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (snort3-file-other.rules) * 1:29574 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (snort3-file-other.rules) * 1:29575 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (snort3-file-other.rules) * 1:29576 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (snort3-file-other.rules) * 1:29577 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (snort3-file-other.rules) * 1:29581 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (snort3-server-other.rules) * 1:29592 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (snort3-server-apache.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (snort3-server-webapp.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (snort3-server-webapp.rules) * 1:29605 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (snort3-file-java.rules) * 1:29606 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp integer overflow attempt (snort3-file-java.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (snort3-server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (snort3-server-other.rules) * 1:29622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading 
modifier heap corruption attempt (snort3-file-pdf.rules) * 1:29639 <-> DISABLED <-> SERVER-APACHE Apache Struts wildcard matching OGNL remote code execution attempt (snort3-server-apache.rules) * 1:29647 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (snort3-server-apache.rules) * 1:29648 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (snort3-server-apache.rules) * 1:29649 <-> DISABLED <-> SERVER-APACHE Apache Roller allowStaticMethodAccess invocation attempt (snort3-server-apache.rules) * 1:29669 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (snort3-file-pdf.rules) * 1:29746 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway languagetest.php language parameter directory traversal attempt (snort3-server-webapp.rules) * 1:29750 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (snort3-server-webapp.rules) * 1:29751 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (snort3-server-webapp.rules) * 1:29752 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center SOM authentication bypass attempt (snort3-server-webapp.rules) * 1:29756 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (snort3-server-webapp.rules) * 1:29792 <-> DISABLED <-> SERVER-OTHER Novell iPrint Server remote code execution attempt (snort3-server-other.rules) * 1:29798 <-> DISABLED <-> SERVER-WEBAPP CuteFlow pre-authenticated admin account creation attempt (snort3-server-webapp.rules) * 1:29799 <-> DISABLED <-> SERVER-WEBAPP CuteFlow pre-authenticated admin account creation attempt (snort3-server-webapp.rules) * 1:29808 <-> DISABLED <-> SERVER-WEBAPP Nagios XI alert cloud cross site scripting attempt (snort3-server-webapp.rules) * 1:29823 <-> DISABLED <-> OS-WINDOWS Microsoft Windows secure channel malformed 
certificate request memory corruption attempt (snort3-os-windows.rules) * 1:29937 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (snort3-server-other.rules) * 1:29939 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (snort3-server-other.rules) * 1:29940 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (snort3-server-other.rules) * 1:29941 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (snort3-server-other.rules) * 1:29942 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore buffer overflow attempt (snort3-server-other.rules) * 1:29946 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (snort3-server-other.rules) * 1:29947 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (snort3-server-other.rules) * 1:29948 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (snort3-server-other.rules) * 1:29950 <-> DISABLED <-> SERVER-OTHER TP-Link TL-WR740N wireless router remote denial of service attempt (snort3-server-other.rules) * 1:29967 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (snort3-server-other.rules) * 1:29968 <-> DISABLED <-> SERVER-OTHER Python socket.recvfrom_into remote buffer overflow attempt (snort3-server-other.rules) * 1:29992 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT120N tmUnblock.cgi TM_Block_URL parameter fprintf stack buffer overflow attempt (snort3-server-webapp.rules) * 1:30010 <-> DISABLED <-> SERVER-APACHE Apache Solr SolrResourceLoader directory traversal attempt (snort3-server-apache.rules) * 1:30011 <-> DISABLED <-> SERVER-WEBAPP GE Proficy CIMPLICITY CimWebServer remote code execution attempt (snort3-server-webapp.rules) * 1:30012 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (snort3-server-webapp.rules) * 1:30013 <-> 
DISABLED <-> SERVER-WEBAPP ESF pfSense Snort log view remote file inclusion attempt (snort3-server-webapp.rules) * 1:30031 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino stack buffer overflow attempt (snort3-server-webapp.rules) * 1:30032 <-> DISABLED <-> SERVER-OTHER Borland VisiBroker Smart Agent heap overflow attempt (snort3-server-other.rules) * 1:30150 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (snort3-file-multimedia.rules) * 1:30151 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (snort3-file-multimedia.rules) * 1:30152 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player memory corruption attempt (snort3-file-multimedia.rules) * 1:30199 <-> DISABLED <-> SERVER-WEBAPP PHP DateInterval heap buffer overread denial of service attempt (snort3-server-webapp.rules) * 1:30200 <-> DISABLED <-> SERVER-WEBAPP PHP DateInterval heap buffer overread denial of service attempt (snort3-server-webapp.rules) * 1:30205 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (snort3-server-other.rules) * 1:30206 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (snort3-server-other.rules) * 1:30207 <-> ENABLED <-> SERVER-OTHER HP AIO Archive Query Server stack buffer overflow attempt (snort3-server-other.rules) * 1:30215 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Live555 RTSP plugin stack-based buffer overflow attempt (snort3-file-multimedia.rules) * 1:30263 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (snort3-server-other.rules) * 1:30264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (snort3-server-other.rules) * 1:30265 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (snort3-server-other.rules) * 1:30266 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector 
opcode 42 directory traversal attempt (snort3-server-other.rules) * 1:30267 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (snort3-server-other.rules) * 1:30268 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (snort3-server-other.rules) * 1:30280 <-> DISABLED <-> SERVER-WEBAPP FreePBX config.php remote code execution attempt (snort3-server-webapp.rules) * 1:30291 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-server-webapp.rules) * 1:30292 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-server-webapp.rules) * 1:30293 <-> DISABLED <-> SERVER-WEBAPP Digium Asterisk cookie stack buffer overflow attempt (snort3-server-webapp.rules) * 1:30294 <-> DISABLED <-> SERVER-WEBAPP SePortal poll.php SQL injection attempt (snort3-server-webapp.rules) * 1:30295 <-> DISABLED <-> SERVER-WEBAPP SePortal print.php SQL injection attempt (snort3-server-webapp.rules) * 1:30296 <-> DISABLED <-> SERVER-WEBAPP SePortal staticpages.php SQL injection attempt (snort3-server-webapp.rules) * 1:30305 <-> DISABLED <-> SERVER-WEBAPP Horde Framework variables.php unserialize PHP code execution attempt (snort3-server-webapp.rules) * 1:30307 <-> DISABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (snort3-server-webapp.rules) * 1:30329 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (snort3-server-other.rules) * 1:30330 <-> DISABLED <-> SERVER-OTHER McAfee Asset Manager downloadReport information disclosure attempt (snort3-server-other.rules) * 1:30343 <-> DISABLED <-> SERVER-WEBAPP Joomla weblinks-categories SQL injection attempt (snort3-server-webapp.rules) * 1:30526 <-> DISABLED <-> SERVER-WEBAPP Joomla komento extension cross site scripting attempt (snort3-server-webapp.rules) * 1:30527 <-> DISABLED <-> 
SERVER-WEBAPP Joomla komento extension cross site scripting attempt (snort3-server-webapp.rules) * 1:30528 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (snort3-file-pdf.rules) * 1:30529 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (snort3-file-pdf.rules) * 1:30774 <-> DISABLED <-> SERVER-WEBAPP Splunk collect file parameter directory traversal attempt (snort3-server-webapp.rules) * 1:30790 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (snort3-server-apache.rules) * 1:30792 <-> DISABLED <-> SERVER-APACHE Apache Struts ParametersInterceptor classloader access attempt (snort3-server-apache.rules) * 1:30797 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 RETR bkbcopyd buffer overflow attempt (snort3-protocol-scada.rules) * 1:30798 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 STOR bkbcopyd buffer overflow attempt (snort3-protocol-scada.rules) * 1:30799 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 ATTR bkbcopyd buffer overflow attempt (snort3-protocol-scada.rules) * 1:30800 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 XATR bkbcopyd buffer overflow attempt (snort3-protocol-scada.rules) * 1:30801 <-> DISABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 PMODE bkbcopyd buffer overflow attempt (snort3-protocol-scada.rules) * 1:30802 <-> ENABLED <-> PROTOCOL-SCADA Yokogawa CENTUM CS 3000 bkclogserv buffer overflow attempt (snort3-protocol-scada.rules) * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (snort3-server-other.rules) * 1:30876 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:30877 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:30928 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver dir content listing 
attempt (snort3-server-other.rules) * 1:30944 <-> DISABLED <-> SERVER-APACHE Apache Struts CookieInterceptor classloader access attempt (snort3-server-apache.rules) * 1:31015 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (snort3-file-pdf.rules) * 1:31016 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader integer overflow attempt (snort3-file-pdf.rules) * 1:31021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (snort3-file-pdf.rules) * 1:31022 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader api call handling arbitrary execution attempt (snort3-file-pdf.rules) * 1:31056 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WEP key enumeration attempt (snort3-protocol-snmp.rules) * 1:31057 <-> DISABLED <-> PROTOCOL-SNMP Motorola Netopia 3347 series WPA key enumeration attempt (snort3-protocol-snmp.rules) * 1:31058 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntName enumeration attempt (snort3-protocol-snmp.rules) * 1:31059 <-> DISABLED <-> PROTOCOL-SNMP Brocade snAgentUserAccntPassword enumeration attempt (snort3-protocol-snmp.rules) * 1:31067 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess ChartThemeConfig SQL injection attempt (snort3-server-webapp.rules) * 1:31068 <-> DISABLED <-> SERVER-OTHER F5 BIG-IP iControl API hostname command injection attempt (snort3-server-other.rules) * 1:31095 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WEP key enumeration attempt (snort3-protocol-snmp.rules) * 1:31096 <-> DISABLED <-> PROTOCOL-SNMP Ubee DDW3611 series WPA key enumeration attempt (snort3-protocol-snmp.rules) * 1:31097 <-> DISABLED <-> PROTOCOL-SNMP CableHome Devices cabhPsDevUIPassword enumeration attempt (snort3-protocol-snmp.rules) * 1:31098 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WEP key enumeration attempt (snort3-protocol-snmp.rules) * 1:31099 <-> DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series WPA key enumeration attempt (snort3-protocol-snmp.rules) * 1:31100 <-> 
DISABLED <-> PROTOCOL-SNMP Ubee U10C019 series password enumeration attempt (snort3-protocol-snmp.rules) * 1:31103 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules) * 1:31104 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules) * 1:31105 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules) * 1:31106 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules) * 1:31128 <-> DISABLED <-> PROTOCOL-FTP CoreFTP FTP Server TYPE command denial of service attempt (snort3-protocol-ftp.rules) * 1:31143 <-> DISABLED <-> SERVER-WEBAPP CA ERwin Web Portal ConfigServiceProvider directory traversal attempt (snort3-server-webapp.rules) * 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (snort3-server-webapp.rules) * 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (snort3-server-webapp.rules) * 1:31157 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (snort3-server-webapp.rules) * 1:31158 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (snort3-server-webapp.rules) * 1:31159 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (snort3-server-webapp.rules) * 1:31160 <-> DISABLED <-> SERVER-WEBAPP Cogent DataHub getpermissions.asp command injection attempt (snort3-server-webapp.rules) * 1:31176 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (snort3-server-other.rules) * 1:31177 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow 
attempt (snort3-server-other.rules) * 1:31178 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (snort3-server-other.rules) * 1:31179 <-> DISABLED <-> SERVER-OTHER GnuTLS Server Hello Session ID heap overflow attempt (snort3-server-other.rules) * 1:31195 <-> DISABLED <-> SERVER-WEBAPP VMTurbo Operations Manager directory traversal attempt (snort3-server-webapp.rules) * 1:31210 <-> ENABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller close_window.cgi buffer overflow attempt (snort3-server-webapp.rules) * 1:31211 <-> ENABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller close_window.cgi buffer overflow attempt (snort3-server-webapp.rules) * 1:31259 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller url_redirect.cgi directory traversal attempt (snort3-server-webapp.rules) * 1:31300 <-> ENABLED <-> SERVER-OTHER Xerox DocuShare SQL injection attempt (snort3-server-other.rules) * 1:31305 <-> DISABLED <-> SERVER-WEBAPP Rocket Servergraph Admin Center fileRequestor directory traversal attempt (snort3-server-webapp.rules) * 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (snort3-file-office.rules) * 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (snort3-file-office.rules) * 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (snort3-file-office.rules) * 1:31330 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd update_system_info_debian_package command injection attempt (snort3-server-webapp.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (snort3-server-other.rules) * 1:31338 <-> DISABLED <-> SERVER-OTHER OpenAFS GetStatistics buffer overflow attempt (snort3-server-other.rules) * 1:31360 <-> DISABLED <-> SERVER-WEBAPP PHP include parameter remote file include attempt (snort3-server-webapp.rules) 
* 1:31362 <-> DISABLED <-> SERVER-WEBAPP MiniBB PHP arbitrary remote code execution attempt (snort3-server-webapp.rules) * 1:31363 <-> DISABLED <-> SERVER-WEBAPP MF Piadas admin.php page parameter PHP remote file include attempt (snort3-server-webapp.rules) * 1:31364 <-> DISABLED <-> SERVER-WEBAPP FlashGameScript index.php func parameter PHP remote file include attempt (snort3-server-webapp.rules) * 1:31366 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (snort3-file-java.rules) * 1:31367 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (snort3-file-java.rules) * 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (snort3-server-webapp.rules) * 1:31376 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (snort3-file-multimedia.rules) * 1:31377 <-> DISABLED <-> SERVER-WEBAPP PHP includedir parameter remote file include attempt (snort3-server-webapp.rules) * 1:31378 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (snort3-file-office.rules) * 1:31379 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (snort3-file-office.rules) * 1:31411 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:31412 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:31413 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:31414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorDAN.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:31415 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietDAN.dll dll-load exploit attempt (snort3-os-windows.rules) 
* 1:31416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorDAN.dll dll-load exploit attempt (snort3-os-windows.rules) * 1:31425 <-> DISABLED <-> SERVER-WEBAPP PHP Simple Shop abs_path parameter PHP remote file include attempt (snort3-server-webapp.rules) * 1:31426 <-> DISABLED <-> SERVER-WEBAPP Jevontech PHPenpals PersonalID SQL injection attempt (snort3-server-webapp.rules) * 1:31429 <-> DISABLED <-> SERVER-WEBAPP Microsoft Sharepoint server callback function cross-site scripting attempt (snort3-server-webapp.rules) * 1:31439 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (snort3-file-pdf.rules) * 1:31440 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (snort3-file-pdf.rules) * 1:31443 <-> DISABLED <-> SERVER-WEBAPP ActiveState ActivePerl perlIIS.dll server URI buffer overflow attempt (snort3-server-webapp.rules) * 1:31497 <-> DISABLED <-> SERVER-WEBAPP Oracle Event Processing FileUploadServlet directory traversal attempt (snort3-server-webapp.rules) * 1:31498 <-> DISABLED <-> SERVER-WEBAPP Oracle Event Processing FileUploadServlet directory traversal attempt (snort3-server-webapp.rules) * 1:31505 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_license command injection attempt (snort3-server-webapp.rules) * 1:31506 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM av-centerd get_log_line command injection attempt (snort3-server-webapp.rules) * 1:31519 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:31520 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:31521 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:31522 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:31523 <-> ENABLED <-> 
FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:31524 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (snort3-file-multimedia.rules) * 1:31525 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (snort3-server-other.rules) * 1:31526 <-> ENABLED <-> SERVER-OTHER HP AutoPass License Server CommunicationServlet directory traversal attempt (snort3-server-other.rules) * 1:31529 <-> ENABLED <-> SERVER-OTHER D-Link Multiple Products HNAP request buffer overflow attempt (snort3-server-other.rules) * 1:31534 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (snort3-file-office.rules) * 1:31535 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (snort3-file-office.rules) * 1:31536 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (snort3-file-office.rules) * 1:31537 <-> ENABLED <-> FILE-OFFICE Microsoft Access memory corruption attempt (snort3-file-office.rules) * 1:31540 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules) * 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules) * 1:31542 <-> DISABLED <-> SERVER-WEBAPP D-Link Multiple Products info.cgi request buffer overflow attempt (snort3-server-webapp.rules) * 1:31555 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (snort3-file-pdf.rules) * 1:31562 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (snort3-file-office.rules) * 1:31565 <-> DISABLED <-> SERVER-WEBAPP Flashchat aedatingCMS2.php remote file include attempt (snort3-server-webapp.rules) * 1:31566 <-> DISABLED <-> SERVER-WEBAPP Flashchat aedatingCMS.php remote file include attempt (snort3-server-webapp.rules) * 1:31567 <-> DISABLED <-> SERVER-WEBAPP 
Gitlist remote command injection attempt (snort3-server-webapp.rules) * 1:31569 <-> DISABLED <-> SERVER-WEBAPP Tiki Wiki 8.3 unserialize PHP remote code execution attempt (snort3-server-webapp.rules) * 1:31570 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB mysql.cc buffer overflow attempt (snort3-server-mysql.rules) * 1:31588 <-> DISABLED <-> SERVER-WEBAPP D-Link Multiple Products hedwig.cgi cookie buffer overflow attempt (snort3-server-webapp.rules) * 1:31637 <-> DISABLED <-> SERVER-WEBAPP Ad Fundum Integrateable News Script remote include path attempt (snort3-server-webapp.rules) * 1:31638 <-> DISABLED <-> SERVER-WEBAPP Voodoo Chat index.php remote include path attempt (snort3-server-webapp.rules) * 1:31647 <-> DISABLED <-> SERVER-WEBAPP AVM FritzBox webcm command injection attempt (snort3-server-webapp.rules) * 1:31648 <-> DISABLED <-> SERVER-WEBAPP AVM FritzBox webcm command injection attempt (snort3-server-webapp.rules) * 1:31651 <-> DISABLED <-> SERVER-WEBAPP VMTurbo Operations Manager vmtadmin.cgi command injection attempt (snort3-server-webapp.rules) * 1:31652 <-> DISABLED <-> SERVER-WEBAPP VMTurbo Operations Manager vmtadmin.cgi command injection attempt (snort3-server-webapp.rules) * 1:31686 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules) * 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (snort3-file-pdf.rules) * 1:31696 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (snort3-server-webapp.rules) * 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (snort3-server-other.rules) * 1:1209 <-> DISABLED <-> SERVER-WEBAPP .nsconfig access (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47843 <-> ENABLED <-> MALWARE-CNC Java.Trojan.Adwind variant outbound connection (malware-cnc.rules) * 1:47819 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (server-webapp.rules) * 1:47834 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:47838 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules) * 1:47817 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (server-webapp.rules) * 1:47814 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet directory traversal attempt (server-webapp.rules) * 1:47812 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet arbitrary JSP file upload attempt (server-webapp.rules) * 1:47815 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor LicenseServlet directory traversal attempt (server-webapp.rules) * 1:47818 <-> DISABLED <-> SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt (server-webapp.rules) * 1:47850 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SystemCollector privilege escalation attempt (os-windows.rules) * 1:47844 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules) * 1:47829 <-> ENABLED <-> SERVER-OTHER JBoss Richfaces expression language injection attempt (server-other.rules) * 1:47825 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules) * 1:47813 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor imageUploadServlet directory traversal attempt (server-webapp.rules) * 1:47833 <-> DISABLED <-> FILE-FLASH Adobe Flash Player COM server BrokerCreateFile sandbox escape attempt (file-flash.rules) * 1:47848 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules) * 1:47830 <-> DISABLED <-> POLICY-OTHER phpmyadmin external SQL query 
detected (policy-other.rules) * 1:47835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (malware-cnc.rules) * 1:47816 <-> DISABLED <-> SERVER-WEBAPP CloudByte ElastiStor LicenseServlet arbitrary JSP file upload attempt (server-webapp.rules) * 1:47847 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules) * 1:47828 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules) * 1:47831 <-> DISABLED <-> SERVER-WEBAPP phpmyadmin post-authentication local file inclusion attempt (server-webapp.rules) * 1:47836 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (malware-cnc.rules) * 1:47824 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules) * 1:47839 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro SGI RGB run-length encoding out of bounds read attempt (file-image.rules) * 1:47821 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules) * 1:47849 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules) * 1:47822 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan outbound attempt (malware-cnc.rules) * 1:47820 <-> DISABLED <-> SERVER-OTHER OpenSSL invalid Diffie-Hellman parameter NULL pointer dereference attempt (server-other.rules) * 1:47837 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DownloadGuide variant outbound traffic (malware-cnc.rules) * 1:47823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download (malware-cnc.rules) * 1:47832 <-> DISABLED <-> SERVER-WEBAPP WordPress Responsive Thumbnail Slider arbitrary PHP file upload attempt (server-webapp.rules) * 1:47851 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SystemCollector privilege escalation attempt (os-windows.rules) * 1:47826 <-> ENABLED <-> MALWARE-CNC Win.Trojan.njrat njRAT trojan variant download 
(malware-cnc.rules) * 1:47845 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules) * 1:47827 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat EmfPlusDrawImagePoints out of bounds read attempt (file-image.rules) * 1:47846 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.DDECmdExec variant download (malware-other.rules) * 3:47840 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0680 attack attempt (file-other.rules) * 3:47841 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2018-0680 attack attempt (file-other.rules) * 3:47842 <-> ENABLED <-> PROTOCOL-DNS TRUFFLEHUNTER TALOS-2018-0681 attack attempt (protocol-dns.rules)
* 1:31696 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules) * 1:31729 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Password Manager MetadataServlet SQL injection attempt (server-webapp.rules) * 1:31697 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules) * 1:31698 <-> DISABLED <-> SERVER-WEBAPP Jira Issue Collector Plugin directory traversal attempt (server-webapp.rules) * 1:31728 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central LinkViewFetchServlet SQL injection attempt (server-webapp.rules) * 1:31730 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway dbutils.php SQL injection attempt (server-webapp.rules) * 1:31731 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway dbutils.php SQL injection attempt (server-webapp.rules) * 1:31743 <-> DISABLED <-> SERVER-WEBAPP Wordpress WPTouch file upload remote code execution attempt (server-webapp.rules) * 1:31745 <-> DISABLED <-> SERVER-WEBAPP vTiger CRM install module command injection attempt (server-webapp.rules) * 1:31747 <-> DISABLED <-> SERVER-WEBAPP Gitlab ssh key upload command injection attempt (server-webapp.rules) * 1:31764 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:31765 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC TGS request cross-realm referral null pointer dereference denial of service attempt (server-other.rules) * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:31798 <-> DISABLED <-> SERVER-WEBAPP HP Network Virtualization storedNtxFile directory traversal attempt (server-webapp.rules) * 1:31818 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral statusUpdate servlet directory traversal attempt (server-webapp.rules) * 1:31819 <-> DISABLED <-> SERVER-WEBAPP HP Network Virtualization 
toServerObject directory traversal attempt (server-webapp.rules) * 1:31823 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM remote_task command injection attempt (server-webapp.rules) * 1:31838 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules) * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules) * 1:31851 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31852 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31853 <-> DISABLED <-> PROTOCOL-SNMP Arris DG950A WPA key enumeration attempt (protocol-snmp.rules) * 1:31854 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 128 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31855 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products 64 bit WEP key enumeration attempt (protocol-snmp.rules) * 1:31856 <-> DISABLED <-> PROTOCOL-SNMP Multiple Products WPA key enumeration attempt (protocol-snmp.rules) * 1:31877 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31878 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31879 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31880 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31881 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31882 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31889 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address 
command injection attempt (server-mail.rules) * 1:31890 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules) * 1:31892 <-> DISABLED <-> SERVER-WEBAPP HybridAuth install.php code injection attempt (server-webapp.rules) * 1:31912 <-> DISABLED <-> SERVER-WEBAPP cPanel 9.01 multiple URI parameters cross site scripting attempt (server-webapp.rules) * 1:31942 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Admin Service FileUploadServlet directory traversal attempt (server-webapp.rules) * 1:31945 <-> DISABLED <-> SERVER-WEBAPP PhpWiki Ploticus plugin command injection attempt (server-webapp.rules) * 1:31956 <-> DISABLED <-> SERVER-WEBAPP Rejetto HttpFileServer command injection attempt (server-webapp.rules) * 1:31986 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:31987 <-> ENABLED <-> FILE-OTHER Wireshark MPEG dissector stack buffer overflow attempt (file-other.rules) * 1:32014 <-> DISABLED <-> SERVER-WEBAPP GetSimpleCMS arbitrary PHP code execution attempt (server-webapp.rules) * 1:32044 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Eventlog Analyzer directory traversal attempt (server-webapp.rules) * 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:32057 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules) * 1:32059 <-> ENABLED <-> PROTOCOL-SCADA KingSCADA Alarm Server stack buffer overflow attempt (protocol-scada.rules) * 1:32068 <-> DISABLED <-> POLICY-OTHER SolarWinds Log and Event Manager default credentials authentication attempt (policy-other.rules) * 1:32076 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules) * 1:32084 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32085 
<-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32092 <-> DISABLED <-> POLICY-OTHER ManageEngine DeviceExpert user credentials enumeration attempt (policy-other.rules) * 1:32109 <-> DISABLED <-> SERVER-WEBAPP Easy File Management stack buffer overflow attempt (server-webapp.rules) * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32199 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 directory traversal attempt (server-other.rules) * 1:32232 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32233 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32234 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32235 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32276 <-> DISABLED <-> SERVER-WEBAPP WordPress Infusionsoft Gravity Forms Plugin arbitrary code execution attempt (server-webapp.rules) * 1:32323 <-> DISABLED <-> SERVER-WEBAPP WordPress Custom Contact Forms plugin SQL export attempt (server-webapp.rules) * 1:32324 <-> DISABLED <-> SERVER-WEBAPP WordPress Custom Contact Forms plugin arbitrary SQL execution attempt (server-webapp.rules) * 1:32337 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt (file-pdf.rules) * 1:32342 <-> ENABLED <-> SERVER-OTHER AlienVault OSSIM framework backup_restore action command injection attempt (server-other.rules) * 
1:32346 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 directory traversal attempt (server-other.rules) * 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:32350 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules) * 1:32351 <-> DISABLED <-> SERVER-WEBAPP ManageEngine multipartRequest servlet directory traversal attempt (server-webapp.rules) * 1:32352 <-> ENABLED <-> SERVER-WEBAPP Centreon displayServiceStatus.php command injection attempt (server-webapp.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:32371 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32377 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (file-office.rules) * 1:32381 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32382 <-> DISABLED <-> SERVER-OTHER OpenSSL DTLS SRTP extension parsing denial-of-service attempt (server-other.rules) * 1:32403 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32526 <-> DISABLED <-> POLICY-OTHER Visual Mining NetCharts default credentials authentication attempt (policy-other.rules) * 1:32527 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts directory traversal attempt (server-webapp.rules) * 
1:32528 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts directory traversal attempt (server-webapp.rules) * 1:32530 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32563 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts arbitrary file upload attempt (server-webapp.rules) * 1:32581 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules) * 1:32582 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker XmlImportExport plugin PHP code injection attempt (server-webapp.rules) * 1:32601 <-> DISABLED <-> SERVER-OTHER Hikvision DVR RTSP request buffer overflow attempt (server-other.rules) * 1:32602 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer credential disclosure attempt (policy-other.rules) * 1:32603 <-> DISABLED <-> POLICY-OTHER ManageEngine Eventlog Analyzer information disclosure attempt (policy-other.rules) * 1:32619 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:32620 <-> DISABLED <-> FILE-OTHER MostGear EasyLanFolderShare serial key overflow attempt (file-other.rules) * 1:32628 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager ovopi.dll buffer overflow attempt (server-other.rules) * 1:32729 <-> DISABLED <-> POLICY-OTHER HP Network Node Manager ovopi.dll command 685 insecure pointer dereference attempt (policy-other.rules) * 1:32738 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:32739 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:32740 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32741 <-> DISABLED <-> POLICY-OTHER Arris VAP2500 default credentials authentication attempt (policy-other.rules) * 1:32742 <-> ENABLED <-> 
SERVER-WEBAPP Arris VAP2500 tools_command.php command execution attempt (server-webapp.rules) * 1:32744 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer DisplayChartPDF directory traversal attempt (server-webapp.rules) * 1:32745 <-> DISABLED <-> SERVER-WEBAPP ManageEngine NetFlow Analyzer information disclosure attempt (server-webapp.rules) * 1:32753 <-> ENABLED <-> SERVER-WEBAPP FreePBX Framework Asterisk recording interface PHP unserialize code execution attempt (server-webapp.rules) * 1:32793 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:32794 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XRef object integer overflow attempt (file-pdf.rules) * 1:32885 <-> DISABLED <-> SERVER-WEBAPP Enalean Tuleap PHP unserialize code execution attempt (server-webapp.rules) * 1:32886 <-> DISABLED <-> SERVER-WEBAPP Enalean Tuleap PHP unserialize code execution attempt (server-webapp.rules) * 1:32887 <-> DISABLED <-> SERVER-WEBAPP ActualScripts ActualAnalyzer aa.php command injection attempt (server-webapp.rules) * 1:32901 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (file-other.rules) * 1:32902 <-> DISABLED <-> FILE-OTHER Advantech ADAMView GeniDAQ display designer stack buffer overflow attempt (file-other.rules) * 1:32961 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:32962 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:32963 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:32964 <-> DISABLED <-> SERVER-WEBAPP Lexmark MarkVision Enterprise GfdFileUploadServlet directory traversal attempt (server-webapp.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account 
creation attempt (policy-other.rules) * 1:32968 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (server-webapp.rules) * 1:32969 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (server-webapp.rules) * 1:32970 <-> DISABLED <-> SERVER-WEBAPP F5 BIG-IP name parameter directory traversal attempt (server-webapp.rules) * 1:32971 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules) * 1:32974 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:32975 <-> DISABLED <-> OS-MOBILE Android ObjectInputStream privilege escalation attempt (os-mobile.rules) * 1:33005 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33006 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33007 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33008 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33009 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33010 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33011 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33012 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33029 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33030 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt 
(file-other.rules) * 1:33031 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33032 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33033 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33034 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33035 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33036 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33037 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33038 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33039 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33040 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33041 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:33074 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules) * 1:33075 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules) * 1:33076 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products WsDiscoveryServlet directory traversal attempt (server-webapp.rules) * 1:33087 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:33104 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products directory traversal attempt (server-webapp.rules) * 1:33113 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory IMONITOR cross site scripting attempt (server-webapp.rules) 
* 1:33114 <-> DISABLED <-> SERVER-WEBAPP HP System Management Homepage cross site scripting attempt (server-webapp.rules)
* 1:33197 <-> DISABLED <-> SERVER-OTHER BMC Track-It FileStorageService directory traversal attempt (server-other.rules)
* 1:33276 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:33277 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:33278 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules)
* 1:33279 <-> DISABLED <-> SERVER-WEBAPP McAfee ePolicy Orchestrator XML external entity injection attempt (server-webapp.rules)
* 1:33440 <-> DISABLED <-> SERVER-WEBAPP WordPress EasyCart PHP code execution attempt (server-webapp.rules)
* 1:33441 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules)
* 1:33442 <-> DISABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules)
* 1:33446 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (server-webapp.rules)
* 1:33447 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (server-webapp.rules)
* 1:33448 <-> DISABLED <-> SERVER-WEBAPP Symantec Encryption Management Server command injection attempt (server-webapp.rules)
* 1:33514 <-> DISABLED <-> SERVER-WEBAPP WordPress Photo Gallery PHP code execution attempt (server-webapp.rules)
* 1:33515 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:33516 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:33517 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:33518 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules)
* 1:33573 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products FailOverHelperServlet information disclosure attempt (server-webapp.rules)
* 1:33574 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Multiple Products FailOverHelperServlet information disclosure attempt (server-webapp.rules)
* 1:33581 <-> DISABLED <-> SERVER-WEBAPP nginx URI processing security bypass attempt (server-webapp.rules)
* 1:33597 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules)
* 1:33598 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules)
* 1:33599 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules)
* 1:33615 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
* 1:33632 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules)
* 1:33651 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (server-webapp.rules)
* 1:33652 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (server-webapp.rules)
* 1:33653 <-> DISABLED <-> SERVER-WEBAPP Solarwinds Orion AccountManagement SQL injection attempt (server-webapp.rules)
* 1:33657 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
* 1:33658 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
* 1:33659 <-> DISABLED <-> SERVER-WEBAPP Dell ScriptLogic Asset Manager SQL injection attempt (server-webapp.rules)
* 1:33665 <-> ENABLED <-> SERVER-OTHER HP Client Automation command injection attempt (server-other.rules)
* 1:33676 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway restore.php command injection attempt (server-webapp.rules)
* 1:33812 <-> ENABLED <-> SERVER-WEBAPP Seagate NAS remote code execution attempt (server-webapp.rules)
* 1:33813 <-> DISABLED <-> SERVER-WEBAPP Eclipse Foundation Jetty HttpParser information disclosure attempt (server-webapp.rules)
* 1:33832 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS getAlias.php command injection attempt (server-webapp.rules)
* 1:33853 <-> DISABLED <-> SERVER-WEBAPP D-Link multiple products ping.ccp command injection attempt (server-webapp.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:33889 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules)
* 1:33890 <-> DISABLED <-> SERVER-WEBAPP Websense Triton CommandLineServlet command injection attempt (server-webapp.rules)
* 1:33894 <-> DISABLED <-> SERVER-WEBAPP TWiki debugenableplugins arbitrary perl code injection attempt (server-webapp.rules)
* 1:33895 <-> DISABLED <-> SERVER-WEBAPP TWiki debugenableplugins arbitrary perl code injection attempt (server-webapp.rules)
* 1:33896 <-> DISABLED <-> SERVER-WEBAPP OpenNMS XML external entity injection attempt (server-webapp.rules)
* 1:33915 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (server-webapp.rules)
* 1:33916 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (server-webapp.rules)
* 1:33917 <-> DISABLED <-> SERVER-WEBAPP HP ArcSight Logger directory traversal attempt (server-webapp.rules)
* 1:33934 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin directory traversal attempt (server-webapp.rules)
* 1:33935 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Marketplace plugin privilege escalation attempt (server-webapp.rules)
* 1:33936 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules)
* 1:33937 <-> DISABLED <-> SERVER-WEBAPP TRENDnet TN200 Network Storage System command injection attempt (server-webapp.rules)
* 1:33938 <-> DISABLED <-> SERVER-WEBAPP Seagate BlackArmor NAS send_test_email command injection attempt (server-webapp.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34000 <-> DISABLED <-> SERVER-WEBAPP Berta Content Management System PHP code execution attempt (server-webapp.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34055 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34056 <-> DISABLED <-> SERVER-WEBAPP Lexmark Markvision Enterprise LibraryFileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34104 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
* 1:34105 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
* 1:34106 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management directory traversal attempt (server-webapp.rules)
* 1:34139 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks configuration management file upload directory traversal attempt (server-other.rules)
* 1:34156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules)
* 1:34157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules)
* 1:34158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules)
* 1:34159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player EAC3 memory corruption attempt (file-flash.rules)
* 1:34160 <-> DISABLED <-> SERVER-OTHER Oracle Outside In Paradox database denial of service attempt (server-other.rules)
* 1:34166 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34167 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34168 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34169 <-> ENABLED <-> FILE-FLASH Adobe Flash Player byte array double free attempt (file-flash.rules)
* 1:34184 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense services_unbound_acls cross site scripting attempt (server-webapp.rules)
* 1:34185 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense status_captiveportal cross site scripting attempt (server-webapp.rules)
* 1:34215 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense diag_logs_filter cross site scripting attempt (server-webapp.rules)
* 1:34220 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34221 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34222 <-> DISABLED <-> SERVER-WEBAPP Barracuda Networks Web Filter index.cgi command injection attempt (server-webapp.rules)
* 1:34225 <-> DISABLED <-> PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (protocol-ftp.rules)
* 1:34238 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules)
* 1:34239 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file upload attempt (server-other.rules)
* 1:34240 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34241 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34242 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34243 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34284 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense firewall_rules cross site scripting attempt (server-webapp.rules)
* 1:34285 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense firewall_shaper cross site scripting attempt (server-webapp.rules)
* 1:34300 <-> ENABLED <-> SERVER-WEBAPP D-Link multiple products HNAP SOAPAction header command injection attempt (server-webapp.rules)
* 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules)
* 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules)
* 1:34349 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34350 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34351 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34352 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34353 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34358 <-> DISABLED <-> SERVER-WEBAPP Dell SonicWALL SonicOS macIpSpoofView cross site scripting attempt (server-webapp.rules)
* 1:34359 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (server-webapp.rules)
* 1:34360 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (server-webapp.rules)
* 1:34361 <-> DISABLED <-> SERVER-WEBAPP ESF pfSense deletefile directory traversal attempt (server-webapp.rules)
* 1:34363 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management GetStoredResult.class SQL injection attempt (server-webapp.rules)
* 1:34364 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:34373 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules)
* 1:34374 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules)
* 1:34375 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules)
* 1:34376 <-> DISABLED <-> SERVER-OTHER PHP zip_cdir_new function integer overflow file download attempt (server-other.rules)
* 1:34426 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
* 1:34427 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:34471 <-> ENABLED <-> SERVER-WEBAPP Symantec Critical System Protection directory traversal attempt (server-webapp.rules)
* 1:34472 <-> DISABLED <-> SERVER-WEBAPP Symantec Critical System Protection SQL injection attempt (server-webapp.rules)
* 1:34481 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:34482 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:34483 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:34484 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:34485 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:34486 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:34487 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:34488 <-> DISABLED <-> OS-OTHER QEMU floppy disk controller buffer overflow attempt (os-other.rules)
* 1:34492 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:34493 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:34494 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:34495 <-> DISABLED <-> FILE-FLASH Adobe Flash Player same origin policy security bypass attempt (file-flash.rules)
* 1:34524 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
* 1:34525 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType blend memory corruption attempt (file-pdf.rules)
* 1:34526 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
* 1:34527 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Cooltype callother memory corruption attempt (file-pdf.rules)
* 1:34538 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:34539 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray shading memory leak attempt (file-flash.rules)
* 1:34552 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
* 1:34569 <-> DISABLED <-> SERVER-WEBAPP Wordpress Creative Contact Form arbitrary PHP file upload attempt (server-webapp.rules)
* 1:34577 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34578 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34579 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34580 <-> DISABLED <-> FILE-FLASH Adobe Flash Player uninitialized register memory leak attempt (file-flash.rules)
* 1:34584 <-> DISABLED <-> POLICY-OTHER Novell ZENworks Configuration Management session id disclosure attempt (policy-other.rules)
* 1:34602 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:34603 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34604 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (server-webapp.rules)
* 1:34605 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (server-webapp.rules)
* 1:34606 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts saveFile.jsp directory traversal attempt (server-webapp.rules)
* 1:34619 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:34620 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:34621 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management rtrlet.class directory traversal attempt (server-webapp.rules)
* 1:34633 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
* 1:34634 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
* 1:34635 <-> DISABLED <-> SERVER-WEBAPP Visual Mining NetCharts projectContents.jsp directory traversal attempt (server-webapp.rules)
* 1:34716 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34717 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34718 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central FileUploadServlet directory traversal attempt (server-webapp.rules)
* 1:34798 <-> DISABLED <-> SERVER-OTHER HP LoadRunner launcher.dll stack buffer overflow attempt (server-other.rules)
* 1:34799 <-> ENABLED <-> SERVER-WEBAPP UPnP AddPortMapping SOAP action command injection attempt (server-webapp.rules)
* 1:34803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34804 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34805 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34806 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:34845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:34846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader setPageAction use after free attempt (file-pdf.rules)
* 1:34890 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32ZLib.dll dll-load exploit attempt (file-other.rules)
* 1:34891 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro u32Zlib.dll dll-load exploit attempt (file-other.rules)
* 1:34892 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
* 1:34893 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro quserex.dll dll-load exploit attempt (file-other.rules)
* 1:34894 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
* 1:34895 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro FxManagedCommands dll-load exploit attempt (file-other.rules)
* 1:34896 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
* 1:34897 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro TD_Mgd_3.08_9.dll dll-load exploit attempt (file-other.rules)
* 1:34898 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
* 1:34899 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro wacommt.dll dll-load exploit attempt (file-other.rules)
* 1:34900 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
* 1:34901 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro igfxcmrt32.dll dll-load exploit attempt (file-other.rules)
* 1:34902 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro ipl.dll dll-load exploit attempt (file-other.rules)
* 1:34903 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
* 1:34904 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro MSPStyleLib.dll dll-load exploit attempt (file-other.rules)
* 1:34905 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
* 1:34906 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uFioUtil.dll dll-load exploit attempt (file-other.rules)
* 1:34907 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
* 1:34908 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uhDSPlay.dll dll-load exploit attempt (file-other.rules)
* 1:34909 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uipl.dll dll-load exploit attempt (file-other.rules)
* 1:34910 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro uvipl.dll dll-load exploit attempt (file-other.rules)
* 1:34911 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
* 1:34912 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll.dll dll-load exploit attempt (file-other.rules)
* 1:34913 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
* 1:34914 <-> DISABLED <-> FILE-OTHER Corel PaintShop Pro VC1DecDll_SSE3.dll dll-load exploit attempt (file-other.rules)
* 1:34915 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro quserex.dll dll-load exploit attempt (netbios.rules)
* 1:34916 <-> DISABLED <-> NETBIOS SMB Corel PaintShop Pro u32zlib.dll dll-load exploit attempt (netbios.rules)
* 1:34938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34939 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34940 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34941 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34942 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34943 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 1:34999 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules)
* 1:35000 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management queryid SQL injection attempt (server-webapp.rules)
* 1:35014 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXMLTrapsForVendor.php SQL injection attempt (server-webapp.rules)
* 1:35015 <-> ENABLED <-> SERVER-WEBAPP Centreon GetXmlTree.php SQL injection attempt (server-webapp.rules)
* 1:35016 <-> ENABLED <-> SERVER-WEBAPP Centreon cmdGetExample.php SQL injection attempt (server-webapp.rules)
* 1:35017 <-> ENABLED <-> SERVER-WEBAPP Centreon makeXML_ListMetrics.php SQL injection attempt (server-webapp.rules)
* 1:35032 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite remote file include attempt (server-webapp.rules)
* 1:35033 <-> DISABLED <-> SERVER-WEBAPP LANDesk Management Suite remote file include attempt (server-webapp.rules)
* 1:35048 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:35049 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ByteArray uncompress domainMemory use after free attempt (file-flash.rules)
* 1:35077 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
* 1:35078 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
* 1:35079 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager getMGList groupId SQL injection attempt (server-webapp.rules)
* 1:35094 <-> DISABLED <-> FILE-OTHER Microsoft proxy autoconfig script system library import attempt (file-other.rules)
* 1:35118 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules)
* 1:3518 <-> DISABLED <-> SERVER-MYSQL MaxDB WebSQL wppassword buffer overflow (server-mysql.rules)
* 1:3519 <-> DISABLED <-> SERVER-MYSQL MaxDB WebSQL wppassword buffer overflow default port (server-mysql.rules)
* 1:35253 <-> DISABLED <-> SERVER-OTHER LibreOffice Impress socket manager Use After Free attempt (server-other.rules)
* 1:35279 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
* 1:35280 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
* 1:35281 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager haid SQL injection attempt (server-webapp.rules)
* 1:35314 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_proxy denial of service attempt (server-apache.rules)
* 1:35364 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35365 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35366 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35367 <-> ENABLED <-> FILE-FLASH Adobe Flash Player thread write double-free attempt (file-flash.rules)
* 1:35372 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35373 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35374 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35375 <-> DISABLED <-> SERVER-WEBAPP WebUI mainfile.php command injection attempt (server-webapp.rules)
* 1:35399 <-> DISABLED <-> SERVER-WEBAPP WordPress MailChimp Subscribe Forms PHP Code Execution command injection attempt (server-webapp.rules)
* 1:35406 <-> DISABLED <-> SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt (server-apache.rules)
* 1:35413 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:35414 <-> DISABLED <-> FILE-MULTIMEDIA Apple iLife iPhoto Photocast XML format string code injection attempt (file-multimedia.rules)
* 1:35417 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules)
* 1:35418 <-> DISABLED <-> SERVER-OTHER Fortinet Single Sign On hello message denial of service attempt (server-other.rules)
* 1:35427 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
* 1:35428 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
* 1:35429 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager customerName SQL injection attempt (server-webapp.rules)
* 1:35440 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35441 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35442 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35443 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confusion attempt (file-office.rules)
* 1:35531 <-> DISABLED <-> SERVER-WEBAPP Apache HTTP server mod_cache denial of service attempt (server-webapp.rules)
* 1:35532 <-> DISABLED <-> SERVER-WEBAPP Apache HTTP server mod_cache denial of service attempt (server-webapp.rules)
* 1:35533 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
* 1:35534 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
* 1:35535 <-> DISABLED <-> SERVER-WEBAPP ManageEngine IT360 BSIntegInfoHandler resIds SQL injection attempt (server-webapp.rules)
* 1:35541 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
* 1:35560 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules)
* 1:35677 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance KSudoClient privilege escalation attempt (server-webapp.rules)
* 1:35678 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35679 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35680 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance downloadpxy.php directory traversal attempt (server-webapp.rules)
* 1:35681 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php authentication bypass attempt (server-webapp.rules)
* 1:35682 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35683 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35684 <-> DISABLED <-> SERVER-WEBAPP Dell KACE Appliance kbot_upload.php directory traversal attempt (server-webapp.rules)
* 1:35701 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35702 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35703 <-> DISABLED <-> SERVER-WEBAPP ManageEngine OpManager agentKey SQL injection attempt (server-webapp.rules)
* 1:35704 <-> DISABLED <-> SERVER-WEBAPP Maarch LetterBox arbitrary PHP file upload attempt (server-webapp.rules)
* 1:35734 <-> DISABLED <-> SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt (server-webapp.rules)
* 1:35763 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
* 1:35764 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious server dos attempt (server-other.rules)
* 1:35765 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
* 1:35766 <-> DISABLED <-> SERVER-OTHER gnuTLS _asn1_extract_der_octet memory error inbound malicious client dos attempt (server-other.rules)
* 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
* 1:35940 <-> DISABLED <-> SERVER-WEBAPP PHP phar_parse_tarfile method integer overflow attempt (server-webapp.rules)
* 1:35944 <-> ENABLED <-> SERVER-MAIL IBM Domino BMP color palette stack buffer overflow attempt (server-mail.rules)
* 1:36025 <-> DISABLED <-> SERVER-OTHER Digium Asterisk TLS Certificate Common Name null byte validation bypass attempt (server-other.rules)
* 1:36059 <-> DISABLED <-> SERVER-WEBAPP PHP CDF file handling infinite loop dos attempt (server-webapp.rules)
* 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36191 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:36192 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
* 1:36197 <-> DISABLED <-> SERVER-WEBAPP nginx SMTP proxy STARTTLS plaintext command injection attempt (server-webapp.rules)
* 1:36261 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules)
* 1:36262 <-> DISABLED <-> SERVER-WEBAPP PHP fileinfo cdf_read_property_info denial of service attempt (server-webapp.rules)
* 1:36375 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework Endpoint default HTTP password authentication attempt (server-other.rules)
* 1:36376 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Management Framework lcfd endpoint daemon buffer overflow attempt (server-other.rules)
* 1:36383 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:36384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows FlattenPath paged memory consumption privilege escalation attempt (os-windows.rules)
* 1:36461 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost sadminpwd buffer overflow attempt (server-other.rules)
* 1:36462 <-> DISABLED <-> SERVER-OTHER Novell eDirectory DHost verifypwd buffer overflow attempt (server-other.rules)
* 1:36493 <-> DISABLED <-> SERVER-OTHER Squid snmphandleUDP off-by-one buffer overflow attempt (server-other.rules)
* 1:36507 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:36508 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:36509 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:36510 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript worker use after free attempt (file-flash.rules)
* 1:36527 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
* 1:36528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
* 1:36529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
* 1:36530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player and AIR type confusion remote code execution attempt (file-flash.rules)
* 1:36544 <-> DISABLED <-> SERVER-WEBAPP pChart script parameter directory traversal attempt (server-webapp.rules)
* 1:36562 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
* 1:36563 <-> DISABLED <-> OS-WINDOWS Microsoft Windows cng.sys memory leak kernel ASLR bypass attempt (os-windows.rules)
* 1:36564 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules)
* 1:36565 <-> DISABLED <-> FILE-MULTIMEDIA libav LZO integer overflow attempt (file-multimedia.rules)
* 1:36596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kerberos privilege escalation attempt (os-windows.rules)
* 1:36613 <-> DISABLED <-> SERVER-WEBAPP McAfee Cloud Single Sign ExtensionAccessServlet directory traversal attempt (server-webapp.rules)
* 1:36614 <-> DISABLED <-> SERVER-WEBAPP McAfee Cloud Single Sign ExtensionAccessServlet directory traversal attempt (server-webapp.rules)
* 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:36784 <-> DISABLED <-> POLICY-OTHER Symantec LiveUpdate forcepasswd.do insecure password change attempt (policy-other.rules)
* 1:36823 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack Server buffer overflow attempt (server-other.rules)
* 1:36854 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules)
* 1:36855 <-> ENABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules)
* 1:36885 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:36886 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules)
* 1:36900 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (server-webapp.rules)
* 1:36901 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (server-webapp.rules)
* 1:36902 <-> DISABLED <-> SERVER-WEBAPP Oracle BeeHive showRecxml.jsp directory traversal attempt (server-webapp.rules)
* 1:37025 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37026 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules)
* 1:37096 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules)
* 1:37097 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules)
* 1:37098 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules)
* 1:37099 <-> DISABLED <-> SERVER-WEBAPP Joomla Component com_gmaps SQL injection attempt (server-webapp.rules)
* 1:37133 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
* 1:37134 <-> DISABLED <-> SERVER-WEBAPP Joomla com_youtubegallery module SQL injection attempt (server-webapp.rules)
* 1:37148 <-> DISABLED <-> SERVER-WEBAPP WordPress Gallery Objects Plugin viewid SQL injection attempt (server-webapp.rules)
* 1:37242 <-> ENABLED <-> SERVER-WEBAPP D-Link DCS-900 Series Network Camera arbitrary file upload attempt (server-webapp.rules)
* 1:37362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules)
* 1:37363 <-> DISABLED <-> SERVER-OTHER Java Library SpringFramework unauthorized serialized object attempt (server-other.rules)
* 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:37664 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:37665 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules)
* 1:37690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37803 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA 
Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:37828 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:37829 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:37830 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:37831 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:37832 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:37833 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:37854 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules) * 1:37855 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules) * 1:37856 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules) * 1:37857 <-> DISABLED <-> SERVER-WEBAPP D-Link DSL router cross site scripting attempt (server-webapp.rules) * 1:37912 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37913 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37914 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37915 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37916 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:37934 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt 
(protocol-ftp.rules) * 1:37937 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:37938 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:37939 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:37940 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash pixel bender buffer overflow attempt (file-multimedia.rules) * 1:37941 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules) * 1:37942 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules) * 1:37943 <-> DISABLED <-> SERVER-WEBAPP AlienVault OSSIM a_deployment.php command injection attempt (server-webapp.rules) * 1:38012 <-> DISABLED <-> SERVER-WEBAPP Alienvault OSSIM graph_geoloc.php SQL injection attempt (server-webapp.rules) * 1:38189 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38190 <-> DISABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38191 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38192 <-> ENABLED <-> FILE-FLASH Adobe Flash Player si32 integer overflow attempt (file-flash.rules) * 1:38229 <-> DISABLED <-> SERVER-WEBAPP Wordpress Simple Ads Manager sam-ajax-admin.php directory traversal attempt (server-webapp.rules) * 1:38266 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules) * 1:38267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules) * 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules) * 1:38272 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt 
(file-office.rules) * 1:38273 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:38274 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:38351 <-> DISABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules) * 1:38897 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (file-other.rules) * 1:38898 <-> DISABLED <-> FILE-OTHER Adobe Illustrator CS4 aires.dll dll-load exploit attempt (file-other.rules) * 1:38964 <-> DISABLED <-> POLICY-OTHER VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (policy-other.rules) * 1:38965 <-> DISABLED <-> SERVER-WEBAPP VMware vCenter Chargeback Manager ImageUploadServlet arbitrary JSP file upload attempt (server-webapp.rules) * 1:39391 <-> DISABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:41907 <-> DISABLED <-> POLICY-OTHER SSL/TLS weak RC4 cipher suite use attempt (policy-other.rules) * 1:43674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:43675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:45399 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (file-other.rules) * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules) * 1:46482 <-> ENABLED <-> MALWARE-CNC Installation Keylogger Osx.Trojan.Mokes data exfiltration (malware-cnc.rules) * 1:46640 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Worm.Brontok outbound HTTP request attempt (indicator-compromise.rules) * 1:46641 <-> DISABLED <-> INDICATOR-COMPROMISE Win.Worm.Brontok outbound HTTP request attempt 
(indicator-compromise.rules) * 1:46642 <-> ENABLED <-> MALWARE-CNC Win.Worm.Brontok user-agent outbound connection (malware-cnc.rules) * 1:47032 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:47033 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:47744 <-> DISABLED <-> SERVER-WEBAPP Quest DR Series Disk Backup CustomerPortalService.pm command injection attempt (server-webapp.rules) * 1:494 <-> DISABLED <-> INDICATOR-COMPROMISE command completed (indicator-compromise.rules) * 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules) * 1:7722 <-> DISABLED <-> MALWARE-CNC prorat 1.9 cgi notification detection (malware-cnc.rules) * 1:8085 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules) * 1:8086 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules) * 1:8087 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules) * 1:8088 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules) * 1:8089 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules) * 1:8090 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules) * 1:8734 <-> DISABLED <-> SERVER-WEBAPP Pajax call_dispatcher className directory traversal attempt (server-webapp.rules) * 1:9620 <-> DISABLED <-> SERVER-WEBAPP Pajax call_dispatcher remote code execution attempt (server-webapp.rules) * 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format 
BMP integer overflow attempt (file-pdf.rules) * 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:1209 <-> DISABLED <-> SERVER-WEBAPP .nsconfig access (server-webapp.rules) * 1:12286 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules) * 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules) * 1:12746 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime invalid stsd atom out of bounds read attempt (file-multimedia.rules) * 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:13293 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules) * 1:13487 <-> DISABLED <-> PUA-ADWARE Adware elite protector runtime detection (pua-adware.rules) * 1:13816 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules) * 1:13817 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules) * 1:13818 <-> DISABLED <-> SERVER-WEBAPP PHP alternate xmlrpc.php command injection attempt (server-webapp.rules) * 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:13866 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection - popup ads (malware-other.rules) * 1:13867 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker-fc.gen.a runtime detection (malware-other.rules) * 1:13902 <-> DISABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (server-other.rules) * 1:13916 <-> DISABLED <-> 
SERVER-WEBAPP Alt-N SecurityGateway username buffer overflow attempt (server-webapp.rules) * 1:13925 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt (protocol-ftp.rules) * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules) * 1:13940 <-> DISABLED <-> PUA-ADWARE Hijacker win32.bho.bgf outbound connection (pua-adware.rules) * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules) * 1:14230 <-> DISABLED <-> SERVER-WEBAPP SAP DB web server stack buffer overflow attempt (server-webapp.rules) * 1:14265 <-> DISABLED <-> PROTOCOL-SCADA Multiple Schneider Electric SCADA products buffer overflow attempt (protocol-scada.rules) * 1:14607 <-> DISABLED <-> SERVER-OTHER CA Brightstor SUN RPC malformed string buffer overflow attempt (server-other.rules) * 1:14608 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:14609 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules) * 1:1478 <-> DISABLED <-> SERVER-WEBAPP Simple Web Counter URI Parameter Buffer Overflow attempt (server-webapp.rules) * 1:1485 <-> DISABLED <-> SERVER-IIS mkilog.exe access (server-iis.rules) * 1:15472 <-> DISABLED <-> FILE-MULTIMEDIA Multiple MP3 player PLS buffer overflow attempt (file-multimedia.rules) * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules) * 1:15562 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt (file-pdf.rules) * 1:15896 <-> DISABLED <-> SERVER-OTHER Firebird SQL op_connect_request denial of service attempt (server-other.rules) * 1:15939 <-> DISABLED <-> 
SERVER-OTHER MSN Messenger IRC bot calling home attempt (server-other.rules) * 1:16051 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 conversion library code execution attempt (file-office.rules) * 1:16098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.cekar variant outbound connection (malware-cnc.rules) * 1:16131 <-> DISABLED <-> MALWARE-OTHER Trackware adclicker trojan zlob.dnz runtime detection - ads (malware-other.rules) * 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (malware-cnc.rules) * 1:16184 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-image.rules) * 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules) * 1:16231 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:16271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.1.Gen keepalive detection (malware-cnc.rules) * 1:16365 <-> DISABLED <-> PUA-ADWARE OnlineGames download attempt (pua-adware.rules) * 1:16366 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded OpenType font engine LZX decompression buffer overflow attempt (os-windows.rules) * 1:16494 <-> DISABLED <-> PUA-ADWARE Cutwail spambot server communication attempt (pua-adware.rules) * 1:16498 <-> DISABLED <-> PUA-ADWARE PC Antispyware 2010 FakeAV download/update attempt (pua-adware.rules) * 1:16598 <-> DISABLED <-> SERVER-OTHER Green Dam URL handling overflow attempt (server-other.rules) * 1:16606 <-> DISABLED <-> SERVER-ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (server-oracle.rules) * 1:16636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows .NET framework XMLDsig data tampering attempt (os-windows.rules) * 1:16638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules) * 1:16665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 
Help Centre escape sequence XSS attempt (os-windows.rules) * 1:16688 <-> DISABLED <-> SERVER-OTHER iscsi target format string code execution attempt (server-other.rules) * 1:16689 <-> DISABLED <-> SERVER-OTHER Palo Alto Networks Firewall editUser.esp XSS attempt (server-other.rules) * 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules) * 1:16696 <-> DISABLED <-> FILE-OTHER Astonsoft Deepburner db file path buffer overflow attempt (file-other.rules) * 1:16726 <-> DISABLED <-> FILE-OTHER gAlan malformed file stack overflow attempt (file-other.rules) * 1:16727 <-> DISABLED <-> FILE-OTHER IDEAL Administration IPJ file handling stack overflow attempt (file-other.rules) * 1:16731 <-> DISABLED <-> FILE-OTHER ProShow Gold PSH file handling overflow attempt (file-other.rules) * 1:16732 <-> DISABLED <-> FILE-OTHER SafeNet SoftRemote multiple policy file local overflow attempt (file-other.rules) * 1:16733 <-> DISABLED <-> FILE-OTHER UltraISO CCD file handling overflow attempt (file-other.rules) * 1:16736 <-> DISABLED <-> FILE-OTHER VariCAD multiple products DWB file handling overflow attempt (file-other.rules) * 1:16737 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 1 (file-multimedia.rules) * 1:16738 <-> DISABLED <-> FILE-MULTIMEDIA Xenorate Media Player XPL file handling overflow attempt - 2 (file-multimedia.rules) * 1:16751 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16752 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16753 <-> DISABLED <-> SERVER-WEBAPP VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (server-webapp.rules) * 1:16787 <-> DISABLED <-> FILE-OTHER Symantec multiple products AeXNSConsoleUtilities RunCMD buffer overflow attempt 
(file-other.rules) * 1:17103 <-> DISABLED <-> SERVER-IIS IIS 5.1 alternate data stream authentication bypass attempt (server-iis.rules) * 1:17139 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System HNDLRSVC arbitrary command execution attempt (server-other.rules) * 1:17155 <-> DISABLED <-> SERVER-OTHER Multiple vendors OPIE off-by-one stack buffer overflow attempt (server-other.rules) * 1:17234 <-> ENABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules) * 1:17235 <-> ENABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules) * 1:17238 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XBM file handling buffer overflow attempt (file-other.rules) * 1:17250 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules) * 1:17256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows uniscribe fonts parsing memory corruption attempt (os-windows.rules) * 1:17301 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:17373 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules) * 1:17440 <-> DISABLED <-> SERVER-IIS RSA authentication agent for web redirect buffer overflow attempt (server-iis.rules) * 1:17505 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:17506 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:17507 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:17560 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules) * 1:17805 <-> DISABLED <-> 
MALWARE-CNC Worm.Win32.Neeris.BF variant outbound connection (malware-cnc.rules) * 1:18102 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules) * 1:18222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder wmerrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder winietenu.dll dll-load exploit attempt (os-windows.rules) * 1:18227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Encoder asferrorenu.dll dll-load exploit attempt (os-windows.rules) * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:18247 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules) * 1:18279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karagany.A variant outbound connection (malware-cnc.rules) * 1:18281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.njz variant outbound connection (malware-cnc.rules) * 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules) * 1:18448 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:18451 <-> DISABLED <-> FILE-PDF Adobe Acrobat ICC color integer overflow attempt (file-pdf.rules) * 1:18453 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:18457 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules) * 
1:18478 <-> DISABLED <-> SERVER-WEBAPP miniBB rss.php premodDir remote file include attempt (server-webapp.rules) * 1:18479 <-> DISABLED <-> SERVER-WEBAPP miniBB rss.php pathToFiles remote file include attempt (server-webapp.rules) * 1:18488 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules) * 1:18489 <-> DISABLED <-> FILE-OTHER Adobe Photoshop wintab32.dll dll-load exploit attempt (file-other.rules) * 1:18506 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18507 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18511 <-> DISABLED <-> SERVER-OTHER Sourcefire Snort packet fragmentation reassembly denial of service attempt (server-other.rules) * 1:18524 <-> DISABLED <-> SERVER-OTHER Multiple vendor anti-virus extended ASCII filename scan bypass attempt (server-other.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18529 <-> DISABLED <-> FILE-OTHER Adobe Premiere Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18530 <-> DISABLED <-> FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt (file-other.rules) * 1:18531 <-> DISABLED <-> SERVER-OTHER Multiple Vendors iacenc.dll dll-load exploit attempt (server-other.rules) * 1:18532 <-> DISABLED <-> OS-WINDOWS Multiple Vendors iacenc.dll dll-load exploit attempt (os-windows.rules) * 1:18535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (file-office.rules) * 1:18562 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.LivePcCare variant outbound connection (malware-cnc.rules) * 1:18575 <-> DISABLED <-> PROTOCOL-FTP Computer 
Associates eTrust Secure Content Manager LIST stack overflow attempt (protocol-ftp.rules) * 1:18577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.agum variant outbound connection (malware-cnc.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules) * 1:18618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar.dpvy/Parkchicers.A/Delf checkin (malware-cnc.rules) * 1:18638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:18642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:18643 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules) * 1:18707 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ControlCenter variant outbound connection (malware-cnc.rules) * 1:18708 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AntivirusSoft variant outbound connection (malware-cnc.rules) * 1:18709 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.aufm variant outbound connection (malware-cnc.rules) * 1:18711 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.SecurityCentral variant outbound connection (malware-cnc.rules) * 1:18712 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.XJRAntivirus variant outbound connection (malware-cnc.rules) * 1:18715 <-> ENABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules) * 1:18716 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.H variant outbound connection (malware-cnc.rules) * 1:18717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.QO variant outbound connection (malware-cnc.rules) * 1:18718 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AdvancedDefender variant outbound connection (malware-cnc.rules) * 1:18719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.CBY variant outbound connection (malware-cnc.rules) * 1:18720 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Terzib.A variant outbound connection (malware-cnc.rules) * 1:18723 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.CleanV variant outbound connection (malware-cnc.rules) * 1:18724 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ZeroClean variant outbound connection (malware-cnc.rules) * 1:18739 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Koobface.D variant outbound connection (malware-cnc.rules) * 1:18753 <-> DISABLED <-> SERVER-OTHER Zend Server Java Bridge remote code execution attempt (server-other.rules) * 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules) * 1:18808 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server List Mailer Reply-To address buffer overflow attempt (server-mail.rules) * 1:18934 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules) * 1:18936 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win.Trojan.FakeAV (malware-cnc.rules) * 1:18937 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win.Trojan.Krap (malware-cnc.rules) * 1:18939 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:18940 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Sality (malware-cnc.rules) * 1:18941 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - FakeAV (malware-cnc.rules) * 1:18942 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MacProtector (malware-cnc.rules) * 1:18943 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MacDefender (malware-cnc.rules) * 1:18945 <-> DISABLED <-> MALWARE-CNC Virus.Win32.Feberr variant outbound connection (malware-cnc.rules) * 1:18946 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBot.FC variant outbound 
connection (malware-cnc.rules)
* 1:18947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.FC variant outbound connection (malware-cnc.rules)
* 1:18952 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules)
* 1:18976 <-> DISABLED <-> MALWARE-CNC Rogue-Software.AVCare variant outbound connection (malware-cnc.rules)
* 1:18977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy variant outbound connection (malware-cnc.rules)
* 1:18978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pasta.aoq variant outbound connection (malware-cnc.rules)
* 1:18980 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules)
* 1:18981 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules)
* 1:18982 <-> DISABLED <-> MALWARE-CNC WinSpywareProtect variant outbound connection (malware-cnc.rules)
* 1:18984 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win32/Trojanclicker (malware-cnc.rules)
* 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:19016 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19017 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19018 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19019 <-> ENABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
* 1:19021 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Win32.FraudLoad.dzm variant outbound connection (malware-cnc.rules)
* 1:19023 <-> DISABLED <-> MALWARE-CNC IRC.Zapchast.zwrc variant outbound connection (malware-cnc.rules)
* 1:19024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.StartPage variant outbound connection (malware-cnc.rules)
* 1:19025 <-> DISABLED <-> MALWARE-CNC Win.Trojan-Banker.Win32.Bancos.etf variant outbound connection (malware-cnc.rules)
* 1:19027 <-> DISABLED <-> MALWARE-CNC BrowserModifier.Win32.Kerlofost variant outbound connection (malware-cnc.rules)
* 1:19028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mailbot variant outbound connection (malware-cnc.rules)
* 1:19030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uloadis variant outbound connection (malware-cnc.rules)
* 1:19031 <-> DISABLED <-> MALWARE-CNC iPRIVACY variant outbound connection (malware-cnc.rules)
* 1:19032 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cornfemo variant outbound connection (malware-cnc.rules)
* 1:19033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cornfemo variant outbound connection (malware-cnc.rules)
* 1:19035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vilsel.baqb variant outbound connection (malware-cnc.rules)
* 1:19036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBrute.I variant outbound connection (malware-cnc.rules)
* 1:19037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBrute.I variant outbound connection (malware-cnc.rules)
* 1:19038 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
* 1:19039 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Linkbot.alr variant outbound connection (malware-cnc.rules)
* 1:19040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkbot.alr variant outbound connection (malware-cnc.rules)
* 1:19041 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.C variant outbound connection (malware-cnc.rules)
* 1:19042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.ACQE variant outbound connection (malware-cnc.rules)
* 1:19043 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.BestBoan outbound connection (pua-adware.rules)
* 1:19044 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.ThinkPoint outbound connection (pua-adware.rules)
* 1:19045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.XQ variant outbound connection (malware-cnc.rules)
* 1:19046 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.Winwebsec outbound connection (pua-adware.rules)
* 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
* 1:19048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkness variant outbound connection (malware-cnc.rules)
* 1:19050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.fxe variant outbound connection (malware-cnc.rules)
* 1:19052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
* 1:19053 <-> ENABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
* 1:19054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisron.nelo variant outbound connection (malware-cnc.rules)
* 1:19055 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
* 1:19056 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:19057 <-> ENABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
* 1:19058 <-> ENABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
* 1:19059 <-> DISABLED <-> PUA-ADWARE RogueSoftware.Win32.SystemDefragmenter outbound connection (pua-adware.rules)
* 1:19060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ponmocup.A variant outbound connection (malware-cnc.rules)
* 1:19061 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Cashtitan contact to server attempt (pua-adware.rules)
* 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules)
* 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules)
* 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules)
* 1:19164 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
* 1:19206 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules)
* 1:19225 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules)
* 1:19309 <-> DISABLED <-> PUA-ADWARE hijacker starware videos outbound connection (pua-adware.rules)
* 1:19310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen3 variant outbound connection (malware-cnc.rules)
* 1:19312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aah variant outbound connection (malware-cnc.rules)
* 1:19328 <-> ENABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
* 1:19329 <-> DISABLED <-> MALWARE-CNC Faceback.exe variant outbound connection (malware-cnc.rules)
* 1:19330 <-> DISABLED <-> MALWARE-CNC Adclicker Win.Trojan.Zlob.dnz variant outbound connection (malware-cnc.rules)
* 1:19331 <-> DISABLED <-> MALWARE-CNC Adclicker Win.Trojan.Zlob.dnz variant outbound connection (malware-cnc.rules)
* 1:19332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clampi variant outbound connection (malware-cnc.rules)
* 1:19339 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
* 1:19340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav TREAntivirus variant outbound connection (malware-cnc.rules)
* 1:19341 <-> DISABLED <-> MALWARE-CNC Worm MSIL.AiO.a variant outbound connection (malware-cnc.rules)
* 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules)
* 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules)
* 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules)
* 1:19345 <-> DISABLED <-> MALWARE-CNC REAnti variant outbound connection (malware-cnc.rules)
* 1:19346 <-> DISABLED <-> MALWARE-CNC Additional Guard variant outbound connection (malware-cnc.rules)
* 1:19348 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
* 1:19349 <-> DISABLED <-> MALWARE-CNC Fakeav Vaccineclear variant outbound connection (malware-cnc.rules)
* 1:19351 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
* 1:19352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.D variant outbound connection (malware-cnc.rules)
* 1:19353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
* 1:19357 <-> ENABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
* 1:19358 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
* 1:19359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules)
* 1:19360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules)
* 1:19361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dcbavict.A variant outbound connection (malware-cnc.rules)
* 1:19363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot.B variant outbound connection (malware-cnc.rules)
* 1:19366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HXWAN.A variant outbound connection (malware-cnc.rules)
* 1:19367 <-> DISABLED <-> MALWARE-CNC Win.Worm.Vaubeg.A variant outbound connection (malware-cnc.rules)
* 1:19368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
* 1:19369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
* 1:19370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
* 1:19371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.IC variant outbound connection (malware-cnc.rules)
* 1:19372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string javasw - Trojan.Banload (malware-cnc.rules)
* 1:19391 <-> DISABLED <-> PUA-ADWARE Lost Door v3.0 (pua-adware.rules)
* 1:19392 <-> ENABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
* 1:19393 <-> DISABLED <-> MALWARE-OTHER Keylogger Monitor.win32.perflogger (malware-other.rules)
* 1:19394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tidserv variant outbound connection (malware-cnc.rules)
* 1:19395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Monkif.J inbound connection - dest ip infected (malware-cnc.rules)
* 1:19396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beastdoor.b variant outbound connection (malware-cnc.rules)
* 1:19397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UltimateDefender.xv variant outbound connection (malware-cnc.rules)
* 1:19398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BAT.Shutdown.ef variant outbound connection (malware-cnc.rules)
* 1:19399 <-> DISABLED <-> MALWARE-CNC Email Worm Win32.Zhelatin.ch variant outbound connection (malware-cnc.rules)
* 1:19400 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sddrop.D variant outbound connection (malware-cnc.rules)
* 1:19401 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sddrop.D variant outbound connection (malware-cnc.rules)
* 1:19402 <-> DISABLED <-> MALWARE-CNC P2P Worm.Win32.Malas.r variant outbound connection (malware-cnc.rules)
* 1:19404 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ozdok variant outbound connection (malware-cnc.rules)
* 1:19426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Crypter.i variant outbound connection (malware-cnc.rules)
* 1:19427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.amjz variant outbound connection (malware-cnc.rules)
* 1:19428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Adload.BG variant outbound connection (malware-cnc.rules)
* 1:19429 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
* 1:19433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fujacks.aw variant outbound connection (malware-cnc.rules)
* 1:19434 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrCode (malware-cnc.rules)
* 1:19435 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
* 1:19453 <-> DISABLED <-> PUA-ADWARE Sus.BancDI-B trojan outbound connection (pua-adware.rules)
* 1:19454 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWS.Win32.QQPass.IK variant outbound connection (malware-cnc.rules)
* 1:19456 <-> DISABLED <-> MALWARE-CNC Packed.Win32.Klone.bj variant outbound connection (malware-cnc.rules)
* 1:19457 <-> DISABLED <-> MALWARE-CNC Trojan-Clicker.Win32.Vesloruki.ajb variant outbound connection (malware-cnc.rules)
* 1:19458 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
* 1:19459 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules)
* 1:19476 <-> DISABLED <-> MALWARE-CNC Exploit.Win32.SqlShell.r variant outbound connection (malware-cnc.rules)
* 1:19477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap.af variant outbound connection (malware-cnc.rules)
* 1:19478 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Taterf.B variant outbound connection (malware-cnc.rules)
* 1:19479 <-> DISABLED <-> MALWARE-CNC Net-Worm.Win32.Piloyd.m variant outbound connection - request html (malware-cnc.rules)
* 1:19480 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
* 1:19481 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Agent.bx variant outbound connection (malware-cnc.rules)
* 1:19482 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
* 1:19483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reload.fy variant outbound connection (malware-cnc.rules)
* 1:19485 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RAV1 (malware-cnc.rules)
* 1:19486 <-> DISABLED <-> PUA-ADWARE W32.Fiala.A outbound connection (pua-adware.rules)
* 1:19487 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.kih variant outbound connection (malware-cnc.rules)
* 1:19488 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Failnum.A variant outbound connection (malware-cnc.rules)
* 1:19489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DeAlfa.fa variant outbound connection (malware-cnc.rules)
* 1:19490 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
* 1:19491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Genome.vau variant outbound connection (malware-cnc.rules)
* 1:19492 <-> DISABLED <-> MALWARE-CNC Windows System Defender variant outbound connection (malware-cnc.rules)
* 1:19493 <-> ENABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
* 1:19494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Licum variant outbound connection (malware-cnc.rules)
* 1:19495 <-> DISABLED <-> MALWARE-CNC Win.Worm.Pilleuz variant outbound connection (malware-cnc.rules)
* 1:19554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav Antivirus Xp Pro variant outbound connection (malware-cnc.rules)
* 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
* 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules)
* 1:19557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shark.ag variant outbound connection (malware-cnc.rules)
* 1:19566 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules)
* 1:19567 <-> DISABLED <-> PUA-ADWARE W32.Ackantta.C.mm mass-mailer outbound connection (pua-adware.rules)
* 1:19568 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.PerfectKeylogger variant outbound connection (malware-cnc.rules)
* 1:19569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perkesh variant outbound connection (malware-cnc.rules)
* 1:19570 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ie 11.0 sp6 (malware-cnc.rules)
* 1:19571 <-> DISABLED <-> PUA-ADWARE Antivirus Agent Pro outbound connection (pua-adware.rules)
* 1:19572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FFSearch variant outbound connection (malware-cnc.rules)
* 1:19573 <-> DISABLED <-> MALWARE-CNC Win.Worm.Chiviper.C variant outbound connection (malware-cnc.rules)
* 1:19574 <-> DISABLED <-> MALWARE-CNC Win.Worm.Chiviper.C variant outbound connection (malware-cnc.rules)
* 1:19575 <-> DISABLED <-> MALWARE-CNC Win.Worm.Emold.U variant outbound connection (malware-cnc.rules)
* 1:19576 <-> DISABLED <-> PUA-ADWARE Antivirus Pro 2010 outbound connection (pua-adware.rules)
* 1:19577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Dogrobot.E variant outbound connection (malware-cnc.rules)
* 1:19578 <-> DISABLED <-> PUA-ADWARE Personal Guard 2009 outbound connection (pua-adware.rules)
* 1:19579 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
* 1:19580 <-> DISABLED <-> MALWARE-CNC Win.Worm.Basun.wsc inbound connection (malware-cnc.rules)
* 1:19581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Apher.gpd variant outbound connection (malware-cnc.rules)
* 1:19582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Apher.gpd variant outbound connection (malware-cnc.rules)
* 1:19583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bumat.rts variant outbound connection (malware-cnc.rules)
* 1:19584 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dref.C variant outbound connection (malware-cnc.rules)
* 1:19585 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dref.C variant outbound connection - notification (malware-cnc.rules)
* 1:19586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Agent.dlg variant outbound connection (malware-cnc.rules)
* 1:19587 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sereki.B variant outbound connection (malware-cnc.rules)
* 1:19588 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sereki.B successful connection (malware-cnc.rules)
* 1:19589 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
* 1:19590 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
* 1:19591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Powp.pyv variant outbound connection (malware-cnc.rules)
* 1:19592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:19593 <-> DISABLED <-> MALWARE-CNC Win.Worm.Agent.btxm variant outbound connection IRC (malware-cnc.rules)
* 1:19594 <-> DISABLED <-> PUA-ADWARE Win32.Fruspam outbound connection (pua-adware.rules)
* 1:19595 <-> DISABLED <-> MALWARE-OTHER known malicious email string - You have received a Hallmark E-Card (malware-other.rules)
* 1:19596 <-> DISABLED <-> MALWARE-CNC Poison Ivy variant outbound connection (malware-cnc.rules)
* 1:19597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cws variant outbound connection (malware-cnc.rules)
* 1:19598 <-> DISABLED <-> PUA-ADWARE Infostealer.Gampass outbound connection (pua-adware.rules)
* 1:19608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wisscmd.A variant outbound connection (malware-cnc.rules)
* 1:19611 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string INet - Win32.Virus.Jusabli.A (malware-cnc.rules)
* 1:19612 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.bvk variant outbound connection (malware-cnc.rules)
* 1:19613 <-> DISABLED <-> MALWARE-CNC Rogue Software Registry Cleaner Pro variant outbound connection (malware-cnc.rules)
* 1:19614 <-> ENABLED <-> MALWARE-CNC Win.Trojan.IRCBot.kkr variant outbound connection (malware-cnc.rules)
* 1:19615 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.kkr variant outbound connection (malware-cnc.rules)
* 1:19616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Win32.Banbra.mcq variant outbound connection (malware-cnc.rules)
* 1:19622 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
* 1:19623 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
* 1:19625 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
* 1:19626 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
* 1:19627 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
* 1:19628 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
* 1:19631 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
* 1:19632 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
* 1:19633 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
* 1:19635 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
* 1:19636 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
* 1:19637 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
* 1:19638 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
* 1:19652 <-> DISABLED <-> MALWARE-CNC Teevsock C variant outbound connection (malware-cnc.rules)
* 1:19654 <-> DISABLED <-> MALWARE-CNC Trojan-Spy.Win32.Zbot.wti variant outbound connection (malware-cnc.rules)
* 1:19655 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Agent.IK variant outbound connection (malware-cnc.rules)
* 1:19656 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Peace.lh variant outbound connection (malware-cnc.rules)
* 1:19657 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
* 1:19658 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
* 1:19659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soleseq.A variant outbound connection (malware-cnc.rules)
* 1:19660 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Riern.K variant outbound connection (malware-cnc.rules)
* 1:19695 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.nec variant outbound connection (malware-cnc.rules)
* 1:19696 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot.nng inbound connection (malware-cnc.rules)
* 1:19697 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Win32.VB.btm variant outbound connection (malware-cnc.rules)
* 1:19698 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prosti.AG variant outbound connection (malware-cnc.rules)
* 1:19699 <-> DISABLED <-> MALWARE-CNC TrojanDownloader.Win32.Korklic.A variant outbound connection (malware-cnc.rules)
* 1:19700 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.tnr variant outbound connection (malware-cnc.rules)
* 1:19701 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hassar.A variant outbound connection (malware-cnc.rules)
* 1:19702 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
* 1:19703 <-> ENABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
* 1:19704 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
* 1:19705 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
* 1:19706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
* 1:19711 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
* 1:19712 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:19715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.URLZone variant outbound connection (malware-cnc.rules)
* 1:19716 <-> DISABLED <-> MALWARE-CNC TrojanSpy.Win32.Banker.OO variant outbound connection (malware-cnc.rules)
* 1:19717 <-> DISABLED <-> PUA-ADWARE Virus.Win32.Virut.ce outbound connection (pua-adware.rules)
* 1:19718 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Agent.bkap variant outbound connection (malware-cnc.rules)
* 1:19719 <-> DISABLED <-> MALWARE-CNC Email-Worm.Win32.Bagle.of variant outbound connection (malware-cnc.rules)
* 1:19720 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.Win32.Onestage.ws variant outbound connection (malware-cnc.rules)
* 1:19721 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.mlh variant outbound connection (malware-cnc.rules)
* 1:19722 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
* 1:19723 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
* 1:19724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:19725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules)
* 1:19726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules)
* 1:19727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.DI variant outbound connection (malware-cnc.rules)
* 1:19728 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yayih variant outbound connection (malware-cnc.rules)
* 1:19729 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yayih variant outbound connection (malware-cnc.rules)
* 1:19730 <-> ENABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
* 1:19731 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
* 1:19732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
* 1:19733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.BRU variant outbound connection (malware-cnc.rules)
* 1:19739 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Apptom variant outbound connection (malware-cnc.rules)
* 1:19740 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.aczu variant outbound connection (malware-cnc.rules)
* 1:19741 <-> DISABLED <-> MALWARE-OTHER PWS.Win32.Scofted keylogger runtime detection (malware-other.rules)
* 1:19742 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.atff variant outbound connection (malware-cnc.rules)
* 1:19743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.eqlo variant outbound connection (malware-cnc.rules)
* 1:19744 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Deecee.a variant outbound connection (malware-cnc.rules)
* 1:19745 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudLoad.dyl variant outbound connection (malware-cnc.rules)
* 1:19746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.biiw variant outbound connection (malware-cnc.rules)
* 1:19747 <-> ENABLED <-> MALWARE-BACKDOOR Win.Trojan.GGDoor.22 variant outbound connection (malware-backdoor.rules)
* 1:19748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.ULPM.Gen IRC variant outbound connection (malware-cnc.rules)
* 1:19749 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.chgp variant outbound connection (malware-cnc.rules)
* 1:19750 <-> DISABLED <-> MALWARE-CNC PWS.Win32.Zbot.PJ variant outbound connection (malware-cnc.rules)
* 1:19751 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Sohanad.bm variant outbound connection (malware-cnc.rules)
* 1:19752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
* 1:19753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TrojanSpy.Win32.Zbot.gen.C variant outbound connection (malware-cnc.rules)
* 1:19754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Delf.RGL variant outbound connection (malware-cnc.rules)
* 1:19755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alphabet variant outbound connection (malware-cnc.rules)
* 1:19756 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
* 1:19757 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.bqlu variant outbound connection (malware-cnc.rules)
* 1:19758 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.yw variant outbound connection (malware-cnc.rules)
* 1:19759 <-> DISABLED <-> MALWARE-CNC Trojan-PSW.Win32.FireThief.h variant outbound connection (malware-cnc.rules)
* 1:19760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arsinfoder variant outbound connection (malware-cnc.rules)
* 1:19761 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules)
* 1:19762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (malware-cnc.rules)
* 1:19763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (malware-cnc.rules)
* 1:19764 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RDPdoor.AE variant outbound connection (malware-cnc.rules)
* 1:19765 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:19766 <-> DISABLED <-> MALWARE-CNC Win.Worm.Autorun variant outbound connection (malware-cnc.rules)
* 1:19767 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules)
* 1:19769 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules)
* 1:19770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
* 1:19771 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
* 1:19772 <-> ENABLED <-> MALWARE-CNC Virus.Win32.Parite.B variant outbound connection (malware-cnc.rules)
* 1:19773 <-> DISABLED <-> MALWARE-CNC Virus.Win32.Parite.B variant outbound connection (malware-cnc.rules)
* 1:19774 <-> DISABLED <-> MALWARE-CNC Gen-Trojan.Heur variant outbound connection (malware-cnc.rules)
* 1:19775 <-> DISABLED <-> PUA-ADWARE PWS.Win32.Ldpinch.gen outbound connection (pua-adware.rules)
* 1:19776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent2.guy dropper variant outbound connection (malware-cnc.rules)
* 1:19777 <-> DISABLED <-> PUA-ADWARE Fast Antivirus 2009 outbound connection (pua-adware.rules)
* 1:19781 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Agent.aqpn variant outbound connection (malware-cnc.rules)
* 1:19782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AVKill.bc variant outbound connection (malware-cnc.rules)
* 1:19783 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.agcw variant outbound connection (malware-cnc.rules)
* 1:19784 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.sde variant outbound connection (malware-cnc.rules)
* 1:19785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Malushka.T variant outbound connection (malware-cnc.rules)
* 1:19786 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla (malware-cnc.rules)
* 1:19787 <-> DISABLED <-> MALWARE-CNC Exploit-PDF.t variant outbound connection (malware-cnc.rules)
* 1:19788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.VB.pnc variant outbound connection (malware-cnc.rules)
* 1:19789 <-> ENABLED <-> MALWARE-CNC P2P Worm Win.Trojan.SpyBot.pgh variant outbound connection (malware-cnc.rules)
* 1:19790 <-> DISABLED <-> MALWARE-CNC P2P Worm Win.Trojan.SpyBot.pgh variant outbound connection (malware-cnc.rules)
* 1:19791 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Small.awa variant outbound connection (malware-cnc.rules)
* 1:19792 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.Caxnet.A variant outbound connection (malware-cnc.rules)
* 1:19793 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.SillyFDC-DS variant outbound connection (malware-cnc.rules)
* 1:19794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fnumbot variant outbound connection (malware-cnc.rules)
* 1:19795 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV NoAdware variant outbound connection (malware-cnc.rules)
* 1:19796 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DL.CashnJoy.A variant outbound connection (malware-cnc.rules)
* 1:19797 <-> DISABLED <-> MALWARE-CNC Safety Center variant outbound connection (malware-cnc.rules)
* 1:19798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent2.kxu variant outbound connection (malware-cnc.rules)
* 1:19799 <-> DISABLED <-> MALWARE-CNC PWS.Win32.Zbot.gen.Q variant outbound connection (malware-cnc.rules)
* 1:19800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pher.ij variant outbound connection (malware-cnc.rules)
* 1:19801 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
* 1:19802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wixud.B variant outbound connection (malware-cnc.rules)
* 1:19803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos.FH variant outbound connection (malware-cnc.rules)
* 1:19804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.ktq variant outbound connection (malware-cnc.rules)
* 1:19805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smser.cx variant outbound connection (malware-cnc.rules)
* 1:19819 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ertfor.A variant outbound connection (malware-cnc.rules)
* 1:19820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ertfor.A variant outbound connection (malware-cnc.rules)
* 1:19821 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Bagle.gen.C variant outbound connection (malware-cnc.rules)
* 1:19822 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.HH variant outbound connection (malware-cnc.rules)
* 1:19823 <-> DISABLED <-> PUA-ADWARE Downloader.Banload.AKBB outbound connection (pua-adware.rules)
* 1:19824 <-> DISABLED <-> MALWARE-CNC Gen-Trojan.Heur variant outbound connection (malware-cnc.rules)
* 1:19825 <-> DISABLED <-> SERVER-APACHE Apache Killer denial of service tool exploit attempt (server-apache.rules)
* 1:19827 <-> DISABLED <-> PUA-ADWARE PWS-QQGame outbound connection (pua-adware.rules)
* 1:19828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyAgent.B variant outbound connection (malware-cnc.rules)
* 1:19829 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbot.gen variant outbound connection (malware-cnc.rules)
* 1:19830 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poebot.BP variant outbound connection (malware-cnc.rules)
* 1:19831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.SO variant outbound connection (malware-cnc.rules)
* 1:19832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veslorn.gen.A variant outbound connection (malware-cnc.rules)
* 1:19833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.bda variant outbound connection (malware-cnc.rules)
* 1:19834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZBot.RD variant outbound connection (malware-cnc.rules)
* 1:19835 <-> DISABLED <-> PUA-ADWARE Delphi-Piette Windows (pua-adware.rules)
* 1:19836 <-> DISABLED <-> MALWARE-CNC Spy-Net 0.7 runtime (malware-cnc.rules)
* 1:19837 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules)
* 1:19838 <-> DISABLED <-> PUA-ADWARE Spyware Guard 2008 outbound connection (pua-adware.rules)
* 1:19839 <-> DISABLED <-> PUA-ADWARE Antivirus XP 2008 runtime detection (pua-adware.rules)
* 1:19840 <-> DISABLED <-> PUA-ADWARE XP Antispyware 2009 outbound connection (pua-adware.rules)
* 1:19841 <-> DISABLED <-> PUA-ADWARE 0desa MSN password stealer (pua-adware.rules)
* 1:19842 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules)
* 1:19843 <-> DISABLED <-> PUA-ADWARE Windows Antivirus 2008 (pua-adware.rules)
* 1:19848 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules)
* 1:19849 <-> DISABLED <-> PUA-ADWARE Adware.Virtumonde runtime detection (pua-adware.rules)
* 1:19850 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.qgg variant outbound connection (malware-cnc.rules)
* 1:19851 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.qgg variant outbound connection (malware-cnc.rules)
* 1:19852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Delf.tbv variant outbound connection (malware-cnc.rules)
* 1:19853 <-> DISABLED <-> PUA-ADWARE Wowpa KI outbound connection (pua-adware.rules)
* 1:19856 <-> DISABLED <-> MALWARE-CNC Packed.Win32.Krap.i variant outbound connection (malware-cnc.rules)
* 1:19857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.hhbd variant outbound connection - Windows (malware-cnc.rules)
* 1:19858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon.hhbd variant outbound connection - non-Windows (malware-cnc.rules)
* 1:19859 <-> DISABLED <-> PUA-ADWARE XP Deluxe Protector outbound connection (pua-adware.rules)
* 1:19860 <-> DISABLED <-> PUA-ADWARE Trust Warrior outbound connection (pua-adware.rules)
* 1:19861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cqcv variant outbound connection (malware-cnc.rules)
* 1:19862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar.iej variant outbound connection (malware-cnc.rules)
* 1:19863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.yi variant outbound connection (malware-cnc.rules)
* 1:19864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules)
* 1:19865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arhost.D variant outbound connection (malware-cnc.rules)
* 1:19895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.jwh variant outbound connection (malware-cnc.rules)
* 1:19896 <-> DISABLED <-> PUA-ADWARE Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Install Detection (pua-adware.rules)
* 1:19897 <-> DISABLED <-> PUA-TOOLBARS Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 Runtime Detection (pua-toolbars.rules)
* 1:19898 <-> DISABLED <-> MALWARE-CNC Cinmus Variant variant outbound connection (malware-cnc.rules)
* 1:19899 <-> ENABLED <-> MALWARE-OTHER Tong Keylogger outbound connectiooutbound connection (malware-other.rules)
* 1:19900 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules)
* 1:19901 <-> DISABLED <-> MALWARE-OTHER Tong Keylogger outbound connection (malware-other.rules)
* 1:19902 <-> DISABLED <-> PUA-ADWARE Targetedbanner.biz Adrotator outbound connection (pua-adware.rules)
* 1:19903 <-> DISABLED <-> PUA-ADWARE Win32.Agent.vvm outbound connection (pua-adware.rules)
* 1:19904 <-> DISABLED <-> PUA-ADWARE WinReanimator outbound connection (pua-adware.rules)
* 1:19905 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.jog variant outbound connection (malware-cnc.rules)
* 1:19906 <-> DISABLED <-> PUA-TOOLBARS 6SQ Toolbar runtime detection (pua-toolbars.rules)
* 1:19912 <-> ENABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules)
* 1:19913 <-> ENABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules)
* 1:19914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quivoe.A variant outbound connection (malware-cnc.rules)
* 1:19915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler.apd variant outbound connection (malware-cnc.rules)
* 1:19916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.ACB variant outbound connection (malware-cnc.rules)
* 1:19917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sogu.A variant outbound connection (malware-cnc.rules)
* 1:19918 <-> DISABLED <-> MALWARE-CNC Win.Worm.Ganelp.B variant outbound connection (malware-cnc.rules)
* 1:19919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murcy.A variant outbound connection (malware-cnc.rules)
* 1:19920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reppserv.A outbond connection (malware-cnc.rules)
* 1:19921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Puprlehzae.A variant outbound connection (malware-cnc.rules)
* 1:19922 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz.ivr variant outbound connection (malware-cnc.rules)
* 1:19923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Venik.B variant outbound connection (malware-cnc.rules)
* 1:19924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spidern.A variant outbound connection (malware-cnc.rules)
* 1:19927 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
* 1:19928 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
* 1:19929 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
* 1:19930 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
* 1:19931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lineage.Gen.Pac.3 variant outbound connection (malware-cnc.rules)
* 1:19934 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MYURL (malware-cnc.rules)
* 1:19935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Delf.aba variant outbound connection (malware-cnc.rules)
* 1:19936 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Delf.aba variant outbound connection (malware-cnc.rules)
* 1:19939 <-> DISABLED <-> PUA-ADWARE WeatherStudio outbound connection (pua-adware.rules)
* 1:19940 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.IRC.TKB variant outbound connection - dir4you (malware-cnc.rules)
* 1:19941 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Gen variant outbound connection (malware-cnc.rules)
* 1:19942 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Gen variant outbound connection (malware-cnc.rules)
* 1:19944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.ykl variant outbound connection (malware-cnc.rules)
* 1:19945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.amwd variant outbound connection (malware-cnc.rules)
* 1:19946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.amwd variant outbound connection (malware-cnc.rules)
* 1:19947 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.amwd variant outbound connection (malware-cnc.rules)
* 1:19948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.asjk variant outbound connection (malware-cnc.rules)
* 1:19949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.asjk variant outbound connection (malware-cnc.rules)
* 1:19950 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Defsel inbound connection (malware-cnc.rules)
* 1:19951 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Defsel variant outbound connection (malware-cnc.rules)
* 1:19952 <-> ENABLED <-> MALWARE-CNC Biodox inbound connection (malware-cnc.rules)
* 1:19953 <-> DISABLED <-> MALWARE-CNC Biodox variant outbound connection (malware-cnc.rules)
* 1:19954 <-> DISABLED <-> MALWARE-CNC Hack Style RAT variant outbound connection (malware-cnc.rules)
* 1:19955 <-> DISABLED <-> MALWARE-CNC PaiN RAT 0.1 variant outbound connection (malware-cnc.rules)
* 1:19957 <->
DISABLED <-> MALWARE-CNC Arabian-Attacker 1.1.0 variant outbound connection (malware-cnc.rules) * 1:19958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (malware-cnc.rules) * 1:19959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (malware-cnc.rules) * 1:19960 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.aulk variant outbound connection (malware-cnc.rules) * 1:19961 <-> DISABLED <-> MALWARE-CNC Fouad 1.0 variant outbound connection (malware-cnc.rules) * 1:19962 <-> DISABLED <-> MALWARE-CNC Email-Worm.CryptBox-A variant outbound connection (malware-cnc.rules) * 1:19963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banload.aajs variant outbound connection (malware-cnc.rules) * 1:19965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Agent.avzz variant outbound connection (malware-cnc.rules) * 1:19966 <-> DISABLED <-> MALWARE-CNC Octopus 0.1 inbound connection (malware-cnc.rules) * 1:19967 <-> DISABLED <-> MALWARE-CNC Trojan-PSW.Win32.Papras.dm variant outbound connection (malware-cnc.rules) * 1:19968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PSW.QQPass.amx variant outbound connection (malware-cnc.rules) * 1:19969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.CY variant outbound connection (malware-cnc.rules) * 1:19970 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smalltroj.MHYR variant outbound connection (malware-cnc.rules) * 1:19971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mudrop.lj variant outbound connection (malware-cnc.rules) * 1:19973 <-> DISABLED <-> MALWARE-CNC Worm.Win.Trojan.Nebuler.D variant outbound connection (malware-cnc.rules) * 1:19974 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.bwj variant outbound connection (malware-cnc.rules) * 1:19975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypt.vb variant outbound connection (malware-cnc.rules) * 1:19977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LooksLike.Zaplot variant outbound connection (malware-cnc.rules) * 1:19979 <-> DISABLED <-> 
MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules) * 1:19980 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules) * 1:19981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micstus.A runtime traffic detected (malware-cnc.rules) * 1:19982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.wwe variant outbound connection (malware-cnc.rules) * 1:19983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kolabc.fic variant outbound connection (malware-cnc.rules) * 1:19984 <-> DISABLED <-> PUA-ADWARE Antivirus 2010 outbound connection (pua-adware.rules) * 1:19987 <-> DISABLED <-> PUA-ADWARE PCLiveGuard outbound connection (pua-adware.rules) * 1:19988 <-> DISABLED <-> MALWARE-CNC Asprox variant outbound connection (malware-cnc.rules) * 1:19989 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:19990 <-> DISABLED <-> PUA-ADWARE Total Protect 2009 outbound connection (pua-adware.rules) * 1:19991 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PG runtime traffic detected (malware-cnc.rules) * 1:19992 <-> DISABLED <-> MALWARE-CNC Trojan-Dropper.Win32.Farfli.A runtime traffic detected (malware-cnc.rules) * 1:19993 <-> DISABLED <-> MALWARE-CNC Win32 Poebot runtime traffic detected (malware-cnc.rules) * 1:19994 <-> DISABLED <-> PUA-ADWARE Antivirus 360 outbound connection (pua-adware.rules) * 1:19995 <-> ENABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules) * 1:19996 <-> DISABLED <-> MALWARE-CNC Worm Brontok.C variant outbound connection (malware-cnc.rules) * 1:19997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PSW.Win32.QQPass.gam variant outbound connection (malware-cnc.rules) * 1:19998 <-> ENABLED <-> PUA-ADWARE IP address disclosure to advertisement sites attempt (pua-adware.rules) * 1:19999 <-> DISABLED <-> PUA-ADWARE ThreatNuker outbound connection (pua-adware.rules) * 1:20001 <-> ENABLED <-> MALWARE-CNC Allaple.e variant outbound connection (malware-cnc.rules) * 1:20002 <-> DISABLED <-> MALWARE-CNC 
Allaple.e variant outbound connection (malware-cnc.rules) * 1:20003 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy Pilonoc runtime traffic detected (malware-cnc.rules) * 1:20004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy Pilonoc install-time traffic detected (malware-cnc.rules) * 1:20005 <-> DISABLED <-> MALWARE-CNC Win32 Lecna.cr runtime traffic detected (malware-cnc.rules) * 1:20006 <-> DISABLED <-> MALWARE-CNC Worm Plurp.A runtime traffic detected (malware-cnc.rules) * 1:20007 <-> DISABLED <-> PUA-ADWARE Cinmus.asaq outbound connection (pua-adware.rules) * 1:20008 <-> DISABLED <-> MALWARE-CNC Malware PDFMarca.A runtime traffic detected (malware-cnc.rules) * 1:20009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules) * 1:20010 <-> DISABLED <-> MALWARE-CNC Win32/Babmote.A runtime TCP traffic detected (malware-cnc.rules) * 1:20011 <-> ENABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules) * 1:20012 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules) * 1:20014 <-> DISABLED <-> MALWARE-CNC Kaju variant outbound connection - confirmation (malware-cnc.rules) * 1:20015 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:20016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:20017 <-> DISABLED <-> MALWARE-CNC Win.Worm.Koobface.dq variant outbound connection (malware-cnc.rules) * 1:20018 <-> DISABLED <-> MALWARE-CNC Win.Worm.Autorun variant outbound connection (malware-cnc.rules) * 1:20019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test (malware-cnc.rules) * 1:20021 <-> ENABLED <-> MALWARE-CNC Win.Worm.Brontok user-agent outbound connection (malware-cnc.rules) * 1:20022 <-> DISABLED <-> MALWARE-CNC Win.Worm.Padobot.z variant outbound connection (malware-cnc.rules) * 1:20023 <-> DISABLED <-> 
MALWARE-CNC Advanced Virus Remover variant outbound connection (malware-cnc.rules) * 1:20024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dreamy.bc variant outbound connection (malware-cnc.rules) * 1:20025 <-> DISABLED <-> PUA-ADWARE VirusBye outbound connection (pua-adware.rules) * 1:20026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Banker.abg.b variant outbound connection (malware-cnc.rules) * 1:20028 <-> DISABLED <-> MALWARE-CNC Windows Antivirus Pro variant outbound connection (malware-cnc.rules) * 1:20034 <-> DISABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (file-other.rules) * 1:20035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Coinbit.A runtime traffic detected (malware-cnc.rules) * 1:20036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Agent.ndau runtime traffic detected (malware-cnc.rules) * 1:20037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules) * 1:20038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules) * 1:20039 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Hardcore Software (malware-cnc.rules) * 1:20040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KSpyPro.A variant outbound connection (malware-cnc.rules) * 1:20041 <-> DISABLED <-> PUA-ADWARE Adware.BB outbound connection (pua-adware.rules) * 1:20042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal outbond connection (malware-cnc.rules) * 1:20043 <-> DISABLED <-> MALWARE-CNC Adware Kraddare.AZ variant outbound connection (malware-cnc.rules) * 1:20057 <-> DISABLED <-> MALWARE-CNC BitCoin Miner IP query (malware-cnc.rules) * 1:20063 <-> DISABLED <-> PUA-ADWARE SecurityTool outbound connection (pua-adware.rules) * 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules) * 1:20066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 SensLiceld.A runtime traffic detected (malware-cnc.rules) * 1:20067 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Win32 Zatvex.A runtime traffic detected (malware-cnc.rules) * 1:20068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jetilms.A runtime activity detected (malware-cnc.rules) * 1:20069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.alhq runtime traffic detected (malware-cnc.rules) * 1:20074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot.iseee variant outbound connection (malware-cnc.rules) * 1:20075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill.abl variant outbound connection (malware-cnc.rules) * 1:20076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.ast variant outbound connection (malware-cnc.rules) * 1:20077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.ast variant outbound connection (malware-cnc.rules) * 1:20078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Russkill.C variant outbound connection (malware-cnc.rules) * 1:20079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Russkill.C variant outbound connection (malware-cnc.rules) * 1:20080 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules) * 1:20081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules) * 1:20082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inject.raw variant outbound connection (malware-cnc.rules) * 1:20083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucobha.A variant outbound connection (malware-cnc.rules) * 1:20085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veebuu.BX variant outbound connection (malware-cnc.rules) * 1:20086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload.ABY variant outbound connection (malware-cnc.rules) * 1:20087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.FGU variant outbound connection (malware-cnc.rules) * 1:20088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emudbot.A variant outbound connection (malware-cnc.rules) * 1:20096 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent.dcir variant outbound connection (malware-cnc.rules) * 1:20097 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Agent.dcir infected host at destination ip (malware-cnc.rules) * 1:20098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KeyLogger.wav variant outbound connection (malware-cnc.rules) * 1:20099 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules) * 1:20104 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules) * 1:20105 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules) * 1:20106 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules) * 1:20107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Small.Cns variant outbound connection (malware-cnc.rules) * 1:20108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.Pher variant outbound connection (malware-cnc.rules) * 1:20109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zombie.sm variant outbound connection (malware-cnc.rules) * 1:20123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ShrFmla record use after free attempt (file-office.rules) * 1:20128 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (file-office.rules) * 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (server-webapp.rules) * 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules) * 1:20202 <-> ENABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules) * 1:20204 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Taidoor variant outbound connection (malware-cnc.rules) * 1:20205 <-> DISABLED <-> MALWARE-CNC Win32/Poison beaconing request (malware-cnc.rules) * 1:20213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules) * 1:20217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramagedos.A variant outbound connection (malware-cnc.rules) 
* 1:20218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramagedos.A variant outbound connection (malware-cnc.rules) * 1:20219 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ToriaSpy.A variant outbound connection (malware-cnc.rules) * 1:20220 <-> DISABLED <-> PUA-ADWARE Adware.Wizpop outbound connection (pua-adware.rules) * 1:20221 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules) * 1:20222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Payazol.B variant outbound connection (malware-cnc.rules) * 1:20223 <-> ENABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20224 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (file-multimedia.rules) * 1:20225 <-> ENABLED <-> FILE-OTHER SMI file download request (file-other.rules) * 1:20226 <-> DISABLED <-> FILE-OTHER MPlayer SMI file buffer overflow attempt (file-other.rules) * 1:20228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules) * 1:20229 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules) * 1:20230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules) * 1:20231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules) * 1:20232 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules) * 1:20233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules) * 1:20234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ceckno.cmz runtime traffic detected (malware-cnc.rules) * 1:20235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AdobeReader.Uz runtime traffic detected (malware-cnc.rules) * 1:20252 <-> DISABLED <-> MALWARE-CNC DroidKungFu check-in (malware-cnc.rules) * 1:20280 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:20281 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kazy 
variant outbound connection (malware-cnc.rules) * 1:20289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doschald.A variant outbound connection (malware-cnc.rules) * 1:20290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doschald.A inbound connection (malware-cnc.rules) * 1:20291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mybios.A variant outbound connection (malware-cnc.rules) * 1:20292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FresctSpy.A variant outbound connection (malware-cnc.rules) * 1:20293 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules) * 1:20387 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax rate management attribute buffer overflow attempt (protocol-voip.rules) * 1:20388 <-> DISABLED <-> PROTOCOL-VOIP T.38 fax EC attribute buffer overflow attempt (protocol-voip.rules) * 1:20428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zewit.A variant outbound connection (malware-cnc.rules) * 1:20429 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D CLODMeshDeceleration code execution attempt (file-pdf.rules) * 1:20431 <-> DISABLED <-> FILE-OTHER Wireshark DECT packet dissector overflow attempt (file-other.rules) * 1:20433 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 anutayadokalug host outbound connection (pua-adware.rules) * 1:20434 <-> DISABLED <-> PUA-ADWARE XP Guardian 2010 proantivirus21 host runtime traffic detection (pua-adware.rules) * 1:20435 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Svr runtime traffic detected (malware-cnc.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:20447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.JAAK variant outbound connection (malware-cnc.rules) * 1:20448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meciv.A variant outbound connection (malware-cnc.rules) * 1:20449 <-> DISABLED <-> MALWARE-CNC Win.Worm.Busifom.A variant outbound connection (malware-cnc.rules) * 1:20525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duqu variant outbound 
connection (malware-cnc.rules) * 1:20527 <-> ENABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules) * 1:20528 <-> DISABLED <-> SERVER-APACHE Apache mod_proxy reverse proxy information disclosure attempt (server-apache.rules) * 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (exploit-kit.rules) * 1:20559 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI file buffer overflow attempt (file-multimedia.rules) * 1:20561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWSBanker.SHE variant outbound connection (malware-cnc.rules) * 1:20562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PWSBanker.SHE variant outbound connection (malware-cnc.rules) * 1:20565 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20566 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules) * 1:20569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (malware-cnc.rules) * 1:20570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (malware-cnc.rules) * 1:20571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.kb variant outbound connection (malware-cnc.rules) * 1:20587 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Larchik.A variant outbound connection (malware-cnc.rules) * 1:20595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ixeshe.F variant outbound connection (malware-cnc.rules) * 1:20596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outbound connection (malware-cnc.rules) * 1:20597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler.A variant outb