Talos has added and modified multiple rules in the browser-ie, file-pdf, malware-cnc, malware-other and policy-spam rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
Added rules:

* 1:48865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48869 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Agent variant inbound payload download (malware-other.rules)
* 1:48870 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Agent variant inbound payload download (malware-other.rules)
* 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules)
* 1:48872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48873 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48874 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48875 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48876 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48877 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48878 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48879 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48880 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48881 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48884 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48885 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48886 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48887 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48888 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF out-of-bounds read attempt (file-pdf.rules)
* 1:48889 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF out-of-bounds read attempt (file-pdf.rules)
* 1:48890 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48891 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48892 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48893 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules)
* 1:48895 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules)
* 1:48896 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF getLegalWarnings use-after-free attempt (file-pdf.rules)
* 1:48897 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF getLegalWarnings use-after-free attempt (file-pdf.rules)
* 1:48898 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
* 1:48899 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)

Modified rules:

* 1:48501 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.Delete variant download detected (malware-tools.rules)
* 1:48502 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.Delete variant download detected (malware-tools.rules)
* 1:48513 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
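The "gid:sid <-> Default rule state <-> Message (rule group)" lines above are easy to read one at a time but awkward to act on in bulk: the same SIDs appear once per Snort version, and three of them (1:48894, 1:48895 and 1:48513) ship DISABLED and will not fire until you enable them yourself. The following is an added example, not code from Talos or the Snort project, that parses lines in this format (including entries run together on one line or split across a line break, as the scraped lists on this page are), flags the disabled-by-default SIDs, counts rules per category, and diffs two version lists on (gid, sid) so the Snort 2 and Snort 3 rule-file names do not matter. The sample input is constructed from entries on this page; it assumes you feed it the list text for whichever Snort version you run.

```python
import re
from collections import defaultdict

# Constructed sample input in the release-note format
# "gid:sid <-> Default rule state <-> Message (rule group)". Entries are
# copied from the lists on this page; the third line deliberately runs two
# entries together and breaks one across a newline, as the page does.
SNORT2_LIST = """\
* 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules)
* 1:48898 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
* 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules) * 1:48873 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound
connection (malware-cnc.rules)
* 1:48513 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
"""

# Constructed Snort 3 counterpart (same SIDs, "snort3-" rule-file names,
# two entries left out on purpose so the diff below has something to report).
SNORT3_LIST = """\
* 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (snort3-policy-spam.rules)
* 1:48898 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (snort3-browser-ie.rules)
* 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (snort3-malware-other.rules)
"""

# One entry: gid:sid, state, free-text message, then "(something.rules)".
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[^()\s]+\.rules)\)"
)


def parse_rule_list(text):
    """Return a list of entry dicts. All whitespace is collapsed first, so
    entries that share a line or straddle a line break still parse."""
    flat = " ".join(text.split())
    entries = []
    for m in ENTRY_RE.finditer(flat):
        d = m.groupdict()
        d["gid"], d["sid"] = int(d["gid"]), int(d["sid"])
        d["category"] = d["msg"].split(" ", 1)[0]  # e.g. MALWARE-CNC
        entries.append(d)
    return entries


def disabled_by_default(entries):
    """(gid, sid) pairs shipped DISABLED; these need an explicit enable."""
    return sorted((e["gid"], e["sid"]) for e in entries if e["state"] == "DISABLED")


def enablesid_lines(entries):
    """One 'gid:sid' per line for the disabled entries, the form accepted by
    tools such as PulledPork's enablesid.conf."""
    return [f"{g}:{s}" for g, s in disabled_by_default(entries)]


def count_by_category(entries):
    counts = defaultdict(int)
    for e in entries:
        counts[e["category"]] += 1
    return dict(counts)


def compare_packs(a, b):
    """SIDs present in one list but not the other, keyed on (gid, sid)."""
    ka = {(e["gid"], e["sid"]) for e in a}
    kb = {(e["gid"], e["sid"]) for e in b}
    return {"only_in_a": sorted(ka - kb), "only_in_b": sorted(kb - ka)}


if __name__ == "__main__":
    s2 = parse_rule_list(SNORT2_LIST)
    for e in s2:
        print(f"{e['gid']}:{e['sid']:<6} {e['state']:<8} {e['group']:<22} {e['msg']}")
    print("disabled by default:", enablesid_lines(s2))
    print("per category:", count_by_category(s2))
    print("diff vs Snort 3 list:", compare_packs(s2, parse_rule_list(SNORT3_LIST)))
```

Run it against the full list for your Snort version rather than the sample: the disabled-by-default output is the set you must decide on explicitly, and the category counts make it obvious when a release is mostly C2 coverage (as this one is) versus file-format or browser exploit coverage.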
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
Added rules:

* 1:48865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48869 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Agent variant inbound payload download (malware-other.rules)
* 1:48870 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Agent variant inbound payload download (malware-other.rules)
* 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules)
* 1:48872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48873 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48874 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48875 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48876 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48877 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48878 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48879 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48880 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48881 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48884 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48885 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48886 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48887 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48888 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF out-of-bounds read attempt (file-pdf.rules)
* 1:48889 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF out-of-bounds read attempt (file-pdf.rules)
* 1:48890 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48891 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48892 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48893 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules)
* 1:48895 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules)
* 1:48896 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF getLegalWarnings use-after-free attempt (file-pdf.rules)
* 1:48897 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF getLegalWarnings use-after-free attempt (file-pdf.rules)
* 1:48898 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
* 1:48899 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)

Modified rules:

* 1:48501 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.Delete variant download detected (malware-tools.rules)
* 1:48502 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.Delete variant download detected (malware-tools.rules)
* 1:48513 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
Added rules:

* 1:48865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:48866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:48867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:48868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:48869 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Agent variant inbound payload download (snort3-malware-other.rules)
* 1:48870 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Agent variant inbound payload download (snort3-malware-other.rules)
* 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (snort3-malware-other.rules)
* 1:48872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:48873 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (snort3-malware-cnc.rules)
* 1:48874 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (snort3-malware-cnc.rules)
* 1:48875 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (snort3-malware-cnc.rules)
* 1:48876 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (snort3-malware-cnc.rules)
* 1:48877 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (snort3-malware-cnc.rules)
* 1:48878 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (snort3-malware-cnc.rules)
* 1:48879 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (snort3-malware-cnc.rules)
* 1:48880 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (snort3-malware-cnc.rules)
* 1:48881 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (snort3-malware-cnc.rules)
* 1:48882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (snort3-malware-cnc.rules)
* 1:48883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (snort3-malware-cnc.rules)
* 1:48884 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (snort3-malware-cnc.rules)
* 1:48885 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (snort3-malware-cnc.rules)
* 1:48886 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (snort3-malware-cnc.rules)
* 1:48887 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (snort3-malware-cnc.rules)
* 1:48888 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:48889 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF out-of-bounds read attempt (snort3-file-pdf.rules)
* 1:48890 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (snort3-file-pdf.rules)
* 1:48891 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (snort3-file-pdf.rules)
* 1:48892 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (snort3-file-pdf.rules)
* 1:48893 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (snort3-file-pdf.rules)
* 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (snort3-policy-spam.rules)
* 1:48895 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (snort3-policy-spam.rules)
* 1:48896 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF getLegalWarnings use-after-free attempt (snort3-file-pdf.rules)
* 1:48897 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF getLegalWarnings use-after-free attempt (snort3-file-pdf.rules)
* 1:48898 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (snort3-browser-ie.rules)
* 1:48899 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (snort3-browser-ie.rules)

Modified rules:

* 1:48501 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.Delete variant download detected (snort3-malware-tools.rules)
* 1:48502 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.Delete variant download detected (snort3-malware-tools.rules)
* 1:48513 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (snort3-browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
Added rules:

* 1:48865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48869 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Agent variant inbound payload download (malware-other.rules)
* 1:48870 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Agent variant inbound payload download (malware-other.rules)
* 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules)
* 1:48872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48873 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48874 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48875 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48876 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48877 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48878 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48879 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48880 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48881 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48884 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48885 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48886 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48887 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48888 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF out-of-bounds read attempt (file-pdf.rules)
* 1:48889 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF out-of-bounds read attempt (file-pdf.rules)
* 1:48890 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48891 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48892 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48893 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules)
* 1:48895 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules)
* 1:48896 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF getLegalWarnings use-after-free attempt (file-pdf.rules)
* 1:48897 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF getLegalWarnings use-after-free attempt (file-pdf.rules)
* 1:48898 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
* 1:48899 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)

Modified rules:

* 1:48501 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.Delete variant download detected (malware-tools.rules)
* 1:48502 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.Delete variant download detected (malware-tools.rules)
* 1:48513 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
Added rules:

* 1:48865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48869 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Agent variant inbound payload download (malware-other.rules)
* 1:48870 <-> ENABLED <-> MALWARE-OTHER Js.Dropper.Agent variant inbound payload download (malware-other.rules)
* 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules)
* 1:48872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48873 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48874 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48875 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48876 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48877 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48878 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BitterRAT variant outbound connection (malware-cnc.rules)
* 1:48879 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48880 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48881 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48884 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48885 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48886 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlawedGrace outbound connection (malware-cnc.rules)
* 1:48887 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ServHelper outbound connection (malware-cnc.rules)
* 1:48888 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF out-of-bounds read attempt (file-pdf.rules)
* 1:48889 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF out-of-bounds read attempt (file-pdf.rules)
* 1:48890 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48891 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48892 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48893 <-> ENABLED <-> FILE-PDF Adobe Reader XPS embedded font out-of-bounds vulnerability attempt (file-pdf.rules)
* 1:48894 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules)
* 1:48895 <-> DISABLED <-> POLICY-SPAM Potential phishing attack - Web Open Font Format evasion attempt (policy-spam.rules)
* 1:48896 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF getLegalWarnings use-after-free attempt (file-pdf.rules)
* 1:48897 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF getLegalWarnings use-after-free attempt (file-pdf.rules)
* 1:48898 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)
* 1:48899 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer page layout use after free attempt (browser-ie.rules)

Modified rules:

* 1:48501 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.Delete variant download detected (malware-tools.rules)
* 1:48502 <-> ENABLED <-> MALWARE-TOOLS Win.Tool.Delete variant download detected (malware-tools.rules)
* 1:48513 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)