Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-flash, file-image, file-other, file-pdf, malware-cnc and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48939 <-> ENABLED <-> MALWARE-OTHER Unix.Rocke.Evasion variant dropped bash script (malware-other.rules)
* 1:48901 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:48935 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48900 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TMCM SQL injection attempt (server-webapp.rules)
* 1:48905 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48936 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48906 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48937 <-> DISABLED <-> FILE-IMAGE Imagemagick XBM tranformation information leak attempt (file-image.rules)
* 1:48907 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48904 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48938 <-> ENABLED <-> MALWARE-OTHER Unix.Rocke.Evasion variant dropped bash script (malware-other.rules)
* 1:48903 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:48940 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TA505 malicious dropper download attempt (malware-cnc.rules)
* 1:48941 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TA505 malicious dropper download attempt (malware-cnc.rules)
* 1:48942 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48943 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48944 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48945 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48908 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48913 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48914 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48915 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48916 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48919 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48918 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48925 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48934 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48931 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48930 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48927 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48928 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48920 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48926 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48923 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48924 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48922 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48921 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48902 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:48911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48917 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:32318 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (browser-ie.rules)
* 1:32317 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (browser-ie.rules)
* 1:34419 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:48598 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:48599 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:19198 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:34418 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48935 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48900 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TMCM SQL injection attempt (server-webapp.rules)
* 1:48906 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48907 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48937 <-> DISABLED <-> FILE-IMAGE Imagemagick XBM tranformation information leak attempt (file-image.rules)
* 1:48936 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48905 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48901 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:48908 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48939 <-> ENABLED <-> MALWARE-OTHER Unix.Rocke.Evasion variant dropped bash script (malware-other.rules)
* 1:48938 <-> ENABLED <-> MALWARE-OTHER Unix.Rocke.Evasion variant dropped bash script (malware-other.rules)
* 1:48940 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TA505 malicious dropper download attempt (malware-cnc.rules)
* 1:48941 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TA505 malicious dropper download attempt (malware-cnc.rules)
* 1:48942 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48943 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48944 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48945 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48904 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48903 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:48914 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48915 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48916 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48917 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48919 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48918 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48913 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48934 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48931 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48925 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48930 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48927 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48928 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48926 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48923 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48924 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48920 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48922 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48921 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48902 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:48911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:19198 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:32318 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (browser-ie.rules)
* 1:34418 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:34419 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:48598 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:48599 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:32317 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (browser-ie.rules)
* 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48901 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (snort3-browser-plugins.rules)
* 1:48936 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48900 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TMCM SQL injection attempt (snort3-server-webapp.rules)
* 1:48935 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48938 <-> ENABLED <-> MALWARE-OTHER Unix.Rocke.Evasion variant dropped bash script (snort3-malware-other.rules)
* 1:48937 <-> DISABLED <-> FILE-IMAGE Imagemagick XBM tranformation information leak attempt (snort3-file-image.rules)
* 1:48939 <-> ENABLED <-> MALWARE-OTHER Unix.Rocke.Evasion variant dropped bash script (snort3-malware-other.rules)
* 1:48904 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (snort3-malware-cnc.rules)
* 1:48905 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (snort3-file-flash.rules)
* 1:48906 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (snort3-file-flash.rules)
* 1:48907 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:48908 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:48932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48945 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (snort3-file-pdf.rules)
* 1:48944 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (snort3-file-pdf.rules)
* 1:48943 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (snort3-file-pdf.rules)
* 1:48942 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (snort3-file-pdf.rules)
* 1:48941 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TA505 malicious dropper download attempt (snort3-malware-cnc.rules)
* 1:48940 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TA505 malicious dropper download attempt (snort3-malware-cnc.rules)
* 1:48903 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (snort3-browser-plugins.rules)
* 1:48913 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48914 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48915 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48916 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48919 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48918 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48917 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48924 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48923 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48922 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48921 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48920 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48902 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (snort3-browser-plugins.rules)
* 1:48911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48934 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48931 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48930 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48927 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48928 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48925 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:48926 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (snort3-file-image.rules)
* 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (snort3-file-other.rules)
* 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (snort3-file-other.rules)
* 1:19198 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (snort3-browser-plugins.rules)
* 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (snort3-file-other.rules)
* 1:48598 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (snort3-file-pdf.rules)
* 1:48599 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (snort3-file-pdf.rules)
* 1:34419 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (snort3-browser-ie.rules)
* 1:34418 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (snort3-browser-ie.rules)
* 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (snort3-file-other.rules)
* 1:32318 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (snort3-browser-ie.rules)
* 1:32317 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (snort3-browser-ie.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48936 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48935 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48900 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TMCM SQL injection attempt (server-webapp.rules)
* 1:48906 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48907 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48905 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48908 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48904 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48913 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48914 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48915 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48916 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48917 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48918 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48919 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48901 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:48945 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48944 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48943 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48942 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48941 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TA505 malicious dropper download attempt (malware-cnc.rules)
* 1:48940 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TA505 malicious dropper download attempt (malware-cnc.rules)
* 1:48937 <-> DISABLED <-> FILE-IMAGE Imagemagick XBM tranformation information leak attempt (file-image.rules)
* 1:48938 <-> ENABLED <-> MALWARE-OTHER Unix.Rocke.Evasion variant dropped bash script (malware-other.rules)
* 1:48939 <-> ENABLED <-> MALWARE-OTHER Unix.Rocke.Evasion variant dropped bash script (malware-other.rules)
* 1:48903 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:48934 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48930 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48931 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48928 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48926 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48927 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48924 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48925 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48923 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48921 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48922 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48920 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48902 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:48911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:32317 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (browser-ie.rules)
* 1:32318 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (browser-ie.rules)
* 1:34418 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:34419 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:48598 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:48599 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:19198 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48914 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48913 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48912 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48911 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48910 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48909 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48908 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48907 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:48906 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48905 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48904 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zebrocy variant outbound connection (malware-cnc.rules)
* 1:48903 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:48902 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:48901 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:48900 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager TMCM SQL injection attempt (server-webapp.rules)
* 1:48930 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48929 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48928 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48927 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48926 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48925 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48924 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48923 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48922 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48921 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48920 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48919 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48918 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48917 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48916 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48915 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48933 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48932 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48931 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48936 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48935 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48934 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro tga file heap overflow attempt (file-image.rules)
* 1:48937 <-> DISABLED <-> FILE-IMAGE Imagemagick XBM tranformation information leak attempt (file-image.rules)
* 1:48940 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TA505 malicious dropper download attempt (malware-cnc.rules)
* 1:48939 <-> ENABLED <-> MALWARE-OTHER Unix.Rocke.Evasion variant dropped bash script (malware-other.rules)
* 1:48938 <-> ENABLED <-> MALWARE-OTHER Unix.Rocke.Evasion variant dropped bash script (malware-other.rules)
* 1:48943 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48942 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48941 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TA505 malicious dropper download attempt (malware-cnc.rules)
* 1:48944 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:48945 <-> ENABLED <-> FILE-PDF Adobe Reader Javascript out-of-bounds read (file-pdf.rules)
* 1:19198 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules)
* 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:32317 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (browser-ie.rules)
* 1:32318 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange use after free attempt (browser-ie.rules)
* 1:34418 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:34419 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Element object use-after-free attempt (browser-ie.rules)
* 1:48598 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)
* 1:48599 <-> DISABLED <-> FILE-PDF Adobe Acrobat index file parsing memory corruption attempt (file-pdf.rules)